Manager of Security and Compliance

We are looking for a Manager, of Security and Compliance to join our quickly growing Technology team! A critical part of our growing operations, you’ll be responsible for designing, implementing, and maintaining the security and privacy infrastructure that safeguards our organization and ensures HIPAA and HITECH compliance.  

What you’ll do: 

Experienced in healthcare security and risk management, you will be comfortable developing scalable policies, managing incidents, and driving proactive compliance initiatives. You bring deep knowledge of regulatory requirements, a strong technical foundation in security systems, and the ability to collaborate cross-functionally to protect sensitive data and ensure trust. Reporting to the SVP of Technology and a strong partnership with the Chief Privacy Officer, this is an opportunity for someone energized by building secure systems and processes from the ground up - someone passionate about advancing healthcare through rigorous protection of patient information. 

 

Key areas where you’ll add value: 

• Design, implement, and continuously improve HIPAA and HITECH-aligned security and privacy policies, leveraging platforms like Vanta to streamline compliance workflows and maintain ongoing audit readiness. 

 

• Lead the requirements and optimization of Microsoft’s security protection suite to secure organizational data, prevent threats, and ensure integrity across our digital ecosystem. 

 

• Conduct annual and Risk Assessments (RAs), identify and prioritize vulnerabilities, and implement effective mitigation strategies to reduce organizational risk exposure. 

 

• Develop and refine incident response protocols tailored to healthcare-specific threats, coordinate response efforts across multi-functional teams, and ensure timely, compliant breach notifications in line with HIPAA Breach Notification Rule requirements. 

 

• Collaborate with IT to safeguard patient information by ensuring access controls, encryption, and audit logging are in place and aligned with HIPAA technical safeguards. 

 

• Protect systems against unauthorized activity by ensuring effective role-based access controls, logging, and monitoring across internal systems and platforms. 

 

• Enforce HIPAA and cybersecurity training programs across the organization, equipping staff with the knowledge to identify risks and securely handle ePHI and sensitive data. 

 

• Evaluate and manage Business Associate Agreements (BAAs) and enforce security standards across our vendor ecosystem. 

 

• Maintain comprehensive documentation and guide the enforcement of security practices.  

 

• Track and report key performance indicators (KPIs), such as patching timelines, access violations, and incident response times, to drive continuous improvement and transparency. 

 

What you’ll bring 

 

• 6+ years of experience in healthcare security and risk management 

• Experience developing and scaling policies and initiatives  

• Deep knowledge of regulatory requirements: HIPPA, HITECH 

• Hands-on experience implementing and maintaining technical security systems and guardrails 

• Proven ability to investigate privacy incidents and make handling recommendations 

• Extensive experience with all aspects of risk management and mitigation 

• Focus on protecting patient privacy 

• Startup experience is strongly preferred  

 

The expected salary range for this position is $150,000 – $175,000, based on experience and alignment with role expectations. In addition to base compensation, we offer a competitive equity package, comprehensive health benefits, and flexible work arrangements.