Security and Compliance Manager
Rezilient Health, Healthcare SaaS
United States, Full-Time, Manager
Salary not disclosed
Job Details
- Experience
- 5–10 years
- Required Skills
- HIPAA
Requirements
- Bachelor’s degree in cybersecurity, IT, risk, or compliance (or equivalent experience)
- 5–10 years of experience in security/compliance in healthcare, digital health, or SaaS/cloud environments
- Strong familiarity with frameworks such as SOC 2, HITRUST, HIPAA/HITECH, ISO 27001/27002, NIST CSF
- Experience working cross-functionally with engineering, product, IT, and clinical/operational teams
- Hands-on experience with audits, external assessors, and certification processes
- Strong knowledge of third-party risk management, incident response, and security governance
- Excellent communication skills with the ability to translate technical and compliance risks into business impact
- Relevant certifications (CISSP, CISM, CISA, CRISC) strongly preferred
Responsibilities
- Develop, implement, and maintain the security & compliance program aligned with company goals and regulatory requirements (HIPAA, HITECH, HITRUST, SOC 2, etc.)
- Lead certification and attestation efforts, including SOC 2 audits, HITRUST readiness, and other healthcare/security frameworks
- Develop and maintain security and compliance policies, standards, and procedures; ensure they are operationalized and enforced across the organization
- Oversee governance activities including risk assessments, internal audits, compliance reviews, and reporting of KPIs/metrics to leadership
- Own and manage the third-party/vendor risk management program, including security assessments, ongoing monitoring, and partnership with legal/procurement on contract requirements
- Oversee incident response from a governance and compliance perspective, ensuring response plans are in place, coordinating cross-functional efforts, and managing regulatory reporting when required
- Maintain and manage the enterprise risk register, including tracking remediation efforts and escalating risks appropriately
- Coordinate and oversee security awareness and compliance training programs, ensuring effectiveness and adoption across the organization
- Provide regular reporting to the CISO and executive team on security posture, compliance status, and risk landscape
- Monitor the evolving regulatory and industry landscape (healthcare, privacy, SaaS/cloud) and ensure the organization adapts proactively