Senior Compliance Specialist

Reporting to the Sr Manager, IT Compliance, the Senior Compliance Specialist will assist with all matters relating to Information Security compliance including SOC 2 Type II, HITRUST, Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), ISO 27001, ISO 42001 and ITGC-SOX. This is a full time position that is fully remote.

What you'll do:

Supporting the IT Compliance team with the following responsibilities, but not limited to:

• Develop, execute and ensure adherence to existing and planned compliance programs : Existing : SOC2 / HITRUST / HIPAA and GDPR Compliance; Planned: ISO 27001 / ITGC SOX / FedRAMP etc.
• Lead and manage annual assessment and audit related works (assessment planning, internal assessments, actual assessment interviews, evidence requests coordination, remediation coordination etc.) with external (external assessors other certification authorities) and internal stakeholders (organization wide engineering teams)
• Execution of Supply Chain and Third Party Vendor Management Program
• Support Customer Assurance Program - support customer calls, responding to customer questionnaires etc.
• Provide timely updates and escalations to leadership.
• Use, manage and maintain the GRC tool for effective compliance initiatives and activities
• Perform internal information security risk assessments, document control deficiencies, and develop recommendations for improvement
• Develop and maintain the necessary plans, policies, procedures, and standard operating protocols (SOPs) to support compliance assessments and strengthen Spring Health's overall security posture.
• Conduct continuous monitor activities by regularly - documenting updates to artifacts, risk management, access reviews etc.
• Support Remediation Tracking and Implementation
• Evolve, execute and delivery of information security and privacy awareness training and other role based training programs to build security aware organizational culture

What success looks like:

• Development of a robust Third Party Vendor Management Program
• Maintain and ensure security audit compliance in accordance with HITRUST and SOC 2
• Ensure achievement of team KPIs around regulatory compliance and process improvements

What you'll bring:

• Bachelor's degree plus 5+ years of experience in a compliance focused role.
• Proven experience developing, implementing, and maintaining a comprehensive Third Party Risk Management (TPRM) program in alignment with frameworks such as SOC 2, ISO 27001, and HITRUST, including vendor due diligence, risk assessments, contract and security reviews, ongoing monitoring, and remediation processes.
• Experience with common security frameworks and regulations such as SOC2, HIPAA, GDPR, HITRUST ISO and SOX.
• Demonstrated understanding of emerging information security trends, including changes to security frameworks and regulatory requirements
• Self-starter, organized, efficient, and proactive
• Strong communication and cross organization collaboration skills

The target base salary range for this position is $125,000 - $145,850, and is part of a competitive total rewards package including stock options and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually using Radford Global Compensation Database at minimum to ensure competitive and fair pay.

Benefits provided by Spring Health:

Note: We have even more benefits than listed here and below, your recruiter will provide more in-depth information as you continue in the interview process. Benefits are subject to individual plan requirements and eligibility criteria.

• Health, Dental, Vision benefits start on your first day at Spring. You and your dependents also receive access to One Medical accounts HSA and FSA plans are also available, with Spring contributing up to $1K for HSAs, depending on your plan type.
• Employer sponsored 401(k) match of up to 2% for retirement planning
• A yearly allotment of no cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents.
• We offer competitive paid time off policies including vacation, sick leave and company holidays.
• At 6 months tenure with Spring, we offer parental leave of 18 weeks for birthing parents and 16 weeks for non-birthing parents.
• Access to Noom, a weight management program-based in psychology, that's tailored to your unique needs and goals.
• Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses.
• Access to Wellhub, which connects employees to the best options for fitness, mindfulness, nutrition, and sleep in one subscription
• Access to BrightHorizons, which provides sponsored child care, back-up care, and elder care
• Up to $1,000 Professional Development Reimbursement a year.
• $200 per year donation matching to support your favorite causes.