Compliance Program Manager
Who We Are
Komodo Health is addressing the global burden of disease through the development of the world’s most actionable map of healthcare data. Our solutions drive a more transparent, efficient and productive healthcare ecosystem through the creation of quantitative solutions to qualitative problems.
As a fast-growing startup that has already partnered with multiple Fortune 500 companies, we have very ambitious goals that have been designed with career development in mind. As a company, we value our culture of encouraging growth, collaboration, and constructive debate as well as delivering innovative solutions that “wow” our customers.
The Opportunity at Komodo Health
We are looking for a Compliance Program Manager to ensure that we are in compliance with industry standards that regulate an organization’s risk management and its security processes and practices, such as SOC 2 Type II, HITRUST Common Security Framework and HIPAA Data and Security Rules.
After 3 months, you will…
- Complete all compliance training sessions, including HIPAA 101, 201 and 301 training
- Align with Engineering leadership team on a roadmap and objectives for the Trust & Safety program
- Analyze resource requirements and risks for achieving compliance program objectives
In the first year you will accomplish:
- You will be able to work effectively with key members of Komodo Health’s management team, including those from Legal Counsel, Security Operations, People Operations, Technical Program Management, Engineering Management and IT Operations teams.
- You will own full accountability for operationalization of compliance policies and processes related to SOC 2 certification and 3rd Party risk management
- You will share responsibility with Technical Program Management and Engineering Management for operationalization of data control management activities and ensure these activities sufficiently manage risks of complying with data use agreements and privacy regulations.
- Have supervised and directed the efforts of others in the compliance management team and expanded the team as needed to meet compliance program objectives
- Evangelized compliance initiatives and engaged with other key stakeholders to ensure adherence to policy guidelines and compliance standards
- Obtained follow-on SOC 2 Type II certification for Komodo’s flagship product line, Aperture
In assuming these responsibilities, you will have:
- Completed gap assessment to expand the scope of SOC 2 certification process to include other product lines, such as Pulse
- Delivered a continuous training program and disseminated information to educate staff on compliance practices and requirements
- Streamlined the process of coordinating and compiling responses to 3rd party risk management questionnaires
What You Bring to Komodo
- 5+ years of IT security compliance experience (program management experience a plus)
- 3+ years of experience assisting auditors with SOC 2 audits and other due diligence audit activities
- Solid grasp of IT controls frameworks, such as COSO and CIS
- Working experience as an information security and cyber protection professional highly desirable, especially working knowledge of operating antivirus/patch management integration systems, such as Rippling; identity management systems, such as AWS IAM and OAuth; and vulnerability management and SIEM systems, such as AlienVault
- Experience in healthcare data and healthcare industry a plus
- Stakeholder management experience
- Approachable, professional demeanour
- Ability to handle multiple assignments simultaneously
- Experience working at startups and rapidly growing organizations
- Good "translator" of legal requirements into technical control language
- Good organizational talent and motivation to maintain good quality documentation
- Good understanding of project management
- High level of independence and integrity
- Great writing, presentation and communication skills