About Us:

Role:

Key Responsibilities:

• Lead SOC 2 Type II and HIPAA compliance operations, including evidence collection, control testing, and audit readiness.
• Serve as the primary contact with auditors, external assessors, and internal stakeholders for compliance activities.
• Partner with Legal on privacy requirements (HIPAA Privacy Rule, GDPR, state laws) and ensure controls meet both security and privacy obligations.
• Maintain a unified control framework that maps SOC 2, HIPAA, and future frameworks (e.g., HITRUST).
• Own vendor and third-party risk management, including onboarding, reviews, and BAAs/DPAs.
• Drive quarterly compliance rituals: access reviews, risk register updates, policy acknowledgments, and training compliance.
• Translate regulatory requirements into engineer-friendly tickets, policy updates, and executive-ready risk summaries.
• Identify opportunities for automation in compliance workflows (evidence collection, access certifications, vendor reviews).
• Support privacy operations, including data retention, deletion, and handling of member data requests where applicable.
• Build awareness across the business so compliance and privacy are seen as enablers, not blockers.

Qualifications/Skills:

• 6–10 years of experience in compliance, GRC, or risk management, ideally in SaaS or healthtech.
• Strong knowledge of SOC 2 and HIPAA; familiarity with privacy frameworks such as GDPR, CCPA/CPRA, or HITRUST.
• Proven ability to lead audits end-to-end and represent compliance posture to external parties.
• Experience coordinating across functions (Engineering, IT, Legal, Ops) to implement and sustain controls.
• Familiarity with compliance automation tools (Drata, Tugboat Logic, ConductorOne) and cloud environments (Okta, GCP, GitHub).
• Excellent communication skills; able to draft policies, auditor-facing documentation, and executive-ready risk reports.
• Ability to influence teams toward secure, compliant patterns without slowing down business goals.
• Bonus: experience with healthcare data protection or building privacy programs in regulated industries.

To be a strong fit, you also need:

• Bias Toward Action: Demonstrated ability to take initiative, make decisions under uncertainty, and move projects forward even in the face of ambiguity. We value individuals who are self-starters and ready to act on opportunities and challenges alike.
• Entrepreneurial Spirit: Strong adaptability to changing business needs with a knack for building and optimizing processes. Your entrepreneurial mindset will be crucial in navigating the dynamic landscape of our industry, ensuring our platform remains competitive and responsive to user needs.
• Communication: Excellent communication skills, capable of explaining complex technical concepts to non-technical stakeholders. Effective communication is vital for cross-functional collaboration and ensuring alignment across our organization.
• Remote Work Adaptability: Comfort with remote work environments, demonstrating the ability to stay productive and connected with the team irrespective of physical location.
• Continuous Improvement: A willingness to question assumptions and a commitment to continuous improvement. Your openness to feedback and dedication to personal and professional growth will contribute significantly to our collective success.