Senior Compliance Manager
Ensure Komodo Health (KH) company operations are in compliance with SOC 2 controls and administrative, technical and physical safeguards are in place to satisfy the HIPAA security rule.
SOC 2 compliance responsibilities include managing our SOC 2 Type 2 certification process and working with our IT and Operations teams to respond to audit requests in a timely manner.
HIPAA security rule compliance responsibilities include administering our schema certification process and coordinating the implementation of technical and physical safeguards to control access to sensitive data, such as patient information.
This role will also work closely with the Data Protection Officer (DPO), Security Operations team and Contracts Operations team to manage all operational risks, while being fully responsible for risk management activities pertaining to protecting and responding to unauthorized access of information and data assets stored on-premise, off-premise, offline and online.
This position is located in our San Francisco office headquarters.
- Work with external auditors to supply evidence for SOC 2 audits and address control gaps identified from these audits
- Evangelize compliance initiatives and engage with operations and development teams to ensure adherence to policy guidelines and compliance standards
- Support Security Operations team to monitor and enforce the application of IT system access policies, procedures
- Point person coordinating with the Security Operations team to respond to security questionnaires, regulatory and technical inquiries concerning IT security compliance matters
- Deliver continuous training program and disseminate information to educate staff on compliance practices and requirements
- Administer, coordinate execution of the schema certification process
- Participate in Risk Management and IT Security steering groups to review and assess security risks with respect to sharing data both internally and externally as well as provide effective guidance on mitigating measures to manage such risks
- Recommend technical solutions in support of security compliance
- Conduct investigations and remediations for compliance incidences and potential violations
- Consult with subject matter expert and attorneys on compliance matters as well as work with professionals to vet system security and SLA compliance related contractual language and legal obligations
- 5+ years of IT security compliance experience (program management experience a plus)
- 3+ Experience assisting auditors with SOC 2 audits and other due diligence audit activities
- Solid grasp of IT controls frameworks, such as COSO and CIS
- Working experience as an information security and cyber protection professional highly desirable, especially working knowledge operating antivirus/patch management integration systems, such as Rippling, identity management systems, such as AWS IAM and OAuth, and vulnerability management and SIEM systems, such as Alienvault
- Experience in healthcare data and healthcare industry a plus
- Stakeholder management experience
- Demonstrate approachable, professional demeanour
- Ability to handle multiple assignments simultaneously
- Experience working at startups and rapidly growing organizations
- Good "translator" of legal requirements into technical control language
- Good organizational talent and motivation to maintain good quality documentation
- Good understanding of project management
- High level of independence and integrity
- Great writing, presentation and communication skills