Information Security Lead / Compliance Manager
Location: You can either work remotely or in Redwood City, CA
The company's product is in the realms of health, mobile, AI, augmented reality, computer vision, HR benefits, and retail. It is a mission-driven company.
The company was named one of Fast Company's most innovative companies under 50 employees. Its founder has been named to Forbes 30 under 30.
The company has raised series B funding and thousands of customers including many Fortune 500 companies. It has about 50 employees and 13 engineers and is rapidly growing.
This is an exciting opportunity to join a fast-growing healthcare B2B company that serves large clients and undergoes rigorous annual audits to maintain trust and security.
The company will pay a salary up to $180k, plus annual performance bonuses (up to 10% of salary) and equity which could be lucrative.
Job Responsibilities:
- Ensuring the company meets critical compliance standards, including SOC 2, HIPAA, and HiTrust.
- Taking full ownership of the compliance function, working directly with leadership to manage audits, implement IT security protocols, and overseeing training programs
- You'll be instrumental in shaping the company's security posture as it scales, deepening its compliance and expanding its programs to meet the increasing complexity of its operations.
- Impacting the company's growth while building a scalable and robust security framework, with opportunities for leadership and strategic influence in the coming years.
- Leading the execution of annual audits for SOC 2, HIPAA, and HiTrust, ensuring the company meets and exceeds compliance requirements.
- Developing, managing, and tracking annual compliance training programs for all employees.
- Overseeing IT security tasks, including provisioning laptops, setting up compliant firewalls, and maintaining VPNs in line with industry best practices.
- Conducting quarterly security and compliance review meetings to identify risks, escalate issues, and drive necessary changes to maintain security posture.
- Managing client-facing calls for security due diligence and provide audit evidence to external auditors.
- Monitoring and improving SLAs for addressing data breaches or compliance gaps, ensuring timely resolution of critical issues.
- Collaborating with leadership to continuously improve compliance initiatives and scale security programs as the company grows.
Qualifications:
- At least 8 years of relevant professional experience.
- Experience managing HIPAA compliance.
- At least 5 years of experience managing compliance programs for SOC 2, HiTrust, or similar frameworks at a software company with 80+ employees.
- A proven track record of handling HIPAA, SOC 2, and HiTrust audits from start to finish, including providing evidence to auditors and managing security training.
- Strong IT skills, including experience with laptop provisioning, firewall setup, and VPN maintenance, with a focus on security.
- Demonstrated ability to manage and improve compliance processes, including tracking training programs, running penetration tests, and ensuring adherence to security protocols.
- Strong program management and organizational skills, with experience coordinating cross-functional stakeholders and managing quarterly security reviews.
- Excellent communication and client-facing skills, with the ability to present security protocols and audit findings to both internal teams and external auditors.
About Skyrocket Ventures
Skyrocket Ventures is a recruiting firm for hundreds of high growth technology companies that range from industry leaders to top-tier startups. This opportunity is with one of our client companies for a full-time permanent hire. Please only apply if you are authorized to work in the U.S.
Please note that even if this job is not a perfect match, we encourage you to apply as long as it is in the ballpark. Companies are often flexible in hiring candidates who do not perfectly fit their written job description, as long as the most important qualifications are there and the candidate is good in general.
Most of the jobs we are recruiting for are not posted online, so if you would like to know of all the opportunities we have that match your interests and qualifications, then please get in touch with us.
After you apply to this job posting, we’ll consider you for this job as well as any other potential matches with our client companies. If we have any potential matches, we’ll share your resume with those companies and contact you about any interview opportunities we can get you.
Thank you, and we wish you a great job search!