U.S. Healthcare Compliance Lead (Tech/Ai)

We are seeking a Compliance Lead with deep expertise in US healthcare regulations, specifically HIPAA and HITRUST. You'll be the company's subject matter expert in regulatory compliance, responsible for designing, implementing, and maintaining scalable compliance programs that support innovation while mitigating risk.

Key Responsibilities:

• Regulatory Compliance

• Own and manage compliance programs related to HIPAA, HITRUST and other US-focused Compliance requirements

• Lead risk assessments, gap analyses, and readiness reviews.

• Serve as the internal expert on federal and state healthcare privacy and security laws.

• Audit and Certification

• Oversee annual audits and certification efforts such as HITRUST, SOC 2 Type 2, ISO 27001.

• Work cross-functionally with security, engineering, and product teams to ensure audit readiness.

• Policy Development & Governance

• Draft, update, and enforce internal compliance and data privacy policies.

• Develop and maintain documentation of compliance processes and controls.

• Training & Awareness

• Lead training programs across the organization to promote a culture of compliance in topic-specific areas.

• Stay ahead of evolving regulations and advise stakeholders on regulatory impact.

• Risk Management

• Identify, track, and remediate compliance risks.

• Collaborate with Legal, Security and Product teams to design and implement controls that protect PHI and other sensitive data.

• Stakeholder Management

• Act as a point of contact for external auditors and client representatives.

• Support enterprise customers with compliance-related due diligence, RFPs, and security questionnaires.

Qualifications:

• 3+ years of experience in a compliance, risk, or security role in the US healthcare or health tech industry. Familiarity with the European healthcare landscape is a plus.
• Deep knowledge of HIPAA, HITRUST, and one or more of ISO 27001 or SOC 2 Type 2 frameworks.
• Proven experience leading external audits and compliance certifications.
• Experience working in a SaaS, AI, or healthtech environment.
• Strong understanding of data governance, privacy laws (e.g., CCPA, GDPR, DTAC), and third-party risk management.

Preferred:

• Certifications such as CIPP/US, CIPP/E, CHC, CHPC, CISSP, CISA, or similar.
• Experience building compliance programs from the ground up in a startup or high-growth tech environment.
• Familiarity with AI/ML governance, ethical AI, or data ethics in healthcare.
• Using a Compliance management platform such as Vanta

Key Competencies:

• Strategic and hands-on mindset - willing to dive into details when needed.
• Strong interpersonal and communication skills - able to work with technical and non-technical teams.
• Proactive and solution-oriented - able to navigate ambiguity and scale compliance frameworks for growth.
• High integrity and commitment to ethical standards.

We provide a competitive salary range for this role - which is $130,000 - $150,000 - depending on level and experience. Please note this range is intended as a guide, not a guarantee. Final compensation will be based on individual qualifications, relevant experience, and the scope of the role.

In addition to salary, this position includes equity in the business, giving you the opportunity to share in the company's long-term success.

Benefits

Participation in the company's employee share options plan

100% of Single Cost (employee) and 70% of Dependent for medical, dental & vision

Life Insurance

️ STD and LTD

The opportunity to contribute to the company's 401k plan

Flexible PTO policy + 11 designated company holidays

Annual learning and development allowance

We're all about making WFH work for you - that's why you'll receive a one-off WFH allowance when you join. Offering perks like noise-cancelling headphones or a comfortable desk chair to boost your comfort and focus!

Enhanced parental leave

Company-funded fertility and family-forming programmes

Menopause care programme with Maven