Security and Compliance Manager

Job Description: • Own and maintain the company’s Information Security Management System (ISMS) • Lead annual and recurring compliance certifications (SOC 2, HIPAA, HITRUST) • Respond to customer security questionnaires and due diligence requests • Oversee vendor risk management, including contracts, reviews, and security posture assessments • Manage MSP performance (IT and SOC/MDR) and ensure evidence feeds align with audit requirements • Mentor and guide other Engineers and Stakeholders in evidence collection, reporting, and process maturity • Define, implement, and maintain security policies, standards, and procedures • Serve as the main point of contact for auditors, regulators, and external security partners • Report compliance and risk posture to leadership and the board Requirements: • Bachelor’s degree in information security, risk management, or related field (or equivalent experience) • 6+ years of experience in security, compliance, or risk management roles, with 3+ years in a leadership capacity • Experience working with SOC 2, HIPAA, and HITRUST frameworks • Experience working in a Cloud-based SaaS Platform • Familiarity with healthcare data security and PHI handling • Experience with Drata's GRC and compliance automation platform • Strong organizational skills and ability to manage multiple audit and certification workstreams • Excellent written and verbal communication skills, with the ability to translate compliance requirements into clear actions for engineering and business teams • Hands-on experience modernizing segregation of duties in a highly regulated environment Benefits: • medical, dental, vision, life and AD&D insurance • EAP • short-term and long-term disability • 16 days PTO • 8 paid holidays • fully paid holiday closure • parental and family medical leave • 401k • stock options • annual bonuses and salary increases based on merit Apply tot his job