Security and Compliance Manager
Job Description:
• Own and maintain the company’s Information Security Management System (ISMS)
• Lead annual and recurring compliance certifications (SOC 2, HIPAA, HITRUST)
• Respond to customer security questionnaires and due diligence requests
• Oversee vendor risk management, including contracts, reviews, and security posture assessments
• Manage MSP performance (IT and SOC/MDR) and ensure evidence feeds align with audit requirements
• Mentor and guide other engineers and stakeholders in evidence collection, reporting, and process maturity
• Define, implement, and maintain security policies, standards, and procedures
• Serve as the main point of contact for auditors, regulators, and external security partners
• Report compliance and risk posture to leadership and the board

Requirements:
• Bachelor’s degree in information security, risk management, or a related field (or equivalent experience)
• 6+ years of experience in security, compliance, or risk management roles, with 3+ years in a leadership capacity
• Experience working with the SOC 2, HIPAA, and HITRUST frameworks
• Experience working on a cloud-based SaaS platform
• Familiarity with healthcare data security and PHI handling
• Experience with Drata’s GRC and compliance automation platform
• Strong organizational skills and the ability to manage multiple audit and certification workstreams
• Excellent written and verbal communication skills, with the ability to translate compliance requirements into clear actions for engineering and business teams
• Hands-on experience modernizing segregation of duties in a highly regulated environment

Benefits:
• Medical, dental, vision, life, and AD&D insurance
• EAP
• Short-term and long-term disability
• 16 days PTO
• 8 paid holidays
• Fully paid holiday closure
• Parental and family medical leave
• 401k
• Stock options
• Annual bonuses and salary increases based on merit