Compliance Manager

Remote Full-time

The Compliance Manager is responsible for managing and expanding ZERO's comprehensive compliance program, ensuring the organization maintains the highest standards of security, privacy, and regulatory adherence.
Description

The Compliance Manager is responsible for managing and expanding ZERO's comprehensive compliance program, ensuring the organization maintains the highest standards of security, privacy, and regulatory adherence. This role owns the day-to-day execution of compliance frameworks including SOC 2 Type 2 and HIPAA attestation, and will drive ISO 27001 certification efforts. The Compliance Manager serves as the bridge between regulatory requirements and operational excellence, working cross-functionally to embed compliance into ZERO's culture and processes while maintaining the agility and efficiency that defines our organization.

This is a hands-on role that goes beyond traditional compliance management. In addition to owning compliance frameworks and certifications, this position handles contract reviews for compliance and technical legal considerations, manages vendor security assessments, builds customer-facing trust programs, and contributes to broader security operations. The ideal candidate combines deep compliance expertise with practical security operations experience and can translate complex regulatory requirements into actionable, scalable processes.

Key Responsibilities

Compliance Program Management
- Own and manage ZERO's SOC 2 Type 2 compliance program, including evidence collection, control implementation, and annual audit preparation
- Maintain HIPAA compliance attestation and ensure ongoing adherence to HIPAA Security Rule, Privacy Rule, and Breach Notification requirements
- Drive ISO 27001 certification efforts, including gap analysis, ISMS implementation, and certification audit preparation
- Maintain compliance with Gramm-Leach-Bliley Act (GLBA) requirements, including privacy notices, safeguards, and information security programs
- Establish and maintain compliance documentation, policies, procedures, and control evidence in Drata
- Monitor the regulatory landscape for changes affecting healthcare technology and adjust the compliance program accordingly
- Coordinate with external auditors and assessors to ensure successful audit outcomes
- Develop and track key compliance metrics and KPIs, reporting status to leadership

Risk Management & Assessment
- Conduct regular risk assessments to identify compliance gaps and security vulnerabilities
- Build and maintain a risk register with mitigation strategies and ownership assignments
- Perform vendor risk assessments and manage third-party compliance due diligence
- Lead security questionnaire responses (SIGs, VSAs, custom security assessments) for prospects and customers
- Review and assess the impact of new technologies, processes, and business initiatives on compliance posture
- Identify and escalate compliance risks to the Director of Cloud Systems and Security and the CTO

Contract & Legal Review
- Review customer contracts, Business Associate Agreements (BAAs), Data Processing Agreements (DPAs), and vendor agreements for compliance and technical legal considerations
- Ensure contract terms align with ZERO's security capabilities, compliance obligations, and risk tolerance
- Collaborate with legal counsel and the executive team on complex contract negotiations
- Maintain a library of standard compliance and security contract language
- Flag technical commitments in contracts that require engineering or infrastructure changes

Trust & Transparency Programs
- Build and maintain a customer-facing Trust Center in Drata showcasing security and compliance posture
- Create and manage security documentation for customers, including security white papers, compliance summaries, and certification evidence
- Respond to customer security and compliance inquiries with clear, accurate information
- Support sales and customer success teams with compliance-related customer questions
- Maintain public-facing compliance certifications and attestations

Training & Awareness
- Develop and deliver a comprehensive HIPAA training program for all employees, including role-specific training
- Expand the security awareness training program to cover SOC 2, GLBA, and general security best practices
- Create and maintain training documentation, videos, and resources accessible to all team members
- Track training completion and ensure annual recertification requirements are met
- Build a culture of security and privacy awareness across the organization
- Conduct onboarding training for new employees on compliance and security policies

Security Operations Support
- Assist with security operations activities such as log monitoring, alert triage, and incident response as needed, based on experience and skillset
- Participate in Security Operations Center (SOC) or Network Operations Center (NOC) activities during high-priority events or coverage gaps
- Contribute to security tool configuration and monitoring (SIEM, EDR, vulnerability scanning, etc.)
- Support incident response activities including documentation, communication, and remediation tracking
- Assist with the vulnerability management program, including scan review and remediation verification
- Help maintain security infrastructure and tooling as needed

Cross-Functional Collaboration
- Partner with Engineering teams to implement technical security controls required by compliance frameworks
- Work with the Cloud Systems and Security team on infrastructure security and compliance requirements
- Collaborate with the Data and Analytics team on data governance, retention, and privacy controls
- Support the Employer Experience, Member Experience, and Provider Experience teams on customer-facing compliance requirements
- Provide compliance guidance to Product Management on new features and products
- Ensure Accounting and HR teams maintain compliance with employee data privacy requirements

Continuous Improvement
- Identify opportunities to automate compliance evidence collection and control monitoring
- Streamline compliance processes to reduce operational overhead while maintaining effectiveness
- Stay current on compliance automation tools and GRC platform capabilities
- Recommend and implement process improvements that enhance security without hindering productivity
- Build scalable compliance frameworks that support ZERO's growth

Qualifications

Required:
- 3-5+ years of experience in compliance, security, or GRC (Governance, Risk, and Compliance) roles, preferably in healthcare technology or SaaS
- Deep knowledge of SOC 2 Type 2 requirements and experience managing annual audits
- Strong understanding of the HIPAA Security Rule, Privacy Rule, and Breach Notification Rule
- Experience with compliance management platforms (Drata, Vanta, Secureframe, or similar)
- Proven track record of contract review and assessment for security and compliance considerations
- Experience responding to customer security questionnaires (SIGs, VSAs, custom assessments)
- Strong understanding of information security controls, risk management frameworks, and security best practices
- Excellent written and verbal communication skills, with the ability to explain complex compliance topics to non-technical audiences
- Strong organizational skills and attention to detail
- Ability to work independently and manage multiple priorities in a fast-paced environment
- Bachelor's degree in Information Security, Computer Science, Business, or a related field, or equivalent experience

Strongly Preferred:
- Direct experience achieving ISO 27001 certification
- Knowledge of Gramm-Leach-Bliley Act (GLBA) compliance requirements
- Professional certifications such as CISSP, CISA, CISM, CRISC, or similar
- Experience with security operations (SOC/NOC), log analysis, or incident response
- Technical background with an understanding of cloud infrastructure (AWS, Azure, GCP)
- Experience in startup or high-growth SaaS environments
- Familiarity with healthcare payer operations and self-funded health plans
- Experience building Trust Centers or customer-facing security documentation
- Knowledge of data privacy regulations (GDPR, CCPA, state privacy laws)

Nice to Have:
- HITRUST certification experience
- Experience with penetration testing coordination and vulnerability management
- Scripting or automation skills (Python, Bash, PowerShell)
- Understanding of medical claims processing and PHI data flows
- Previous experience in healthcare compliance (health plan, provider, or healthcare IT)
- Knowledge of PCI-DSS or other industry-specific compliance frameworks
- Experience with business continuity and disaster recovery planning
- Familiarity with the Atlassian suite (Jira, Confluence) and Google Workspace

What Makes You Successful at ZERO
- You believe compliance should enable business growth, not hinder it
- You can translate regulatory requirements into practical, implementable controls without creating unnecessary bureaucracy
- You're comfortable working across technical and non-technical teams, adapting your communication style appropriately
- You're proactive about identifying risks and proposing solutions, not just flagging problems
- You can balance "perfect compliance" with "good enough for now" based on risk and business context
- You thrive in environments where you wear multiple hats and contribute beyond your core role
- You view compliance as a team sport and can build buy-in across the organization
- You treat sensitive healthcare data with the utmost care and understand the critical importance of privacy
- You're detail-oriented without losing sight of the bigger picture
- You're energized by building and improving systems, not just maintaining the status quo
- You can work independently with minimal oversight while knowing when to escalate or collaborate

Working at ZERO

This role offers the opportunity to:
- Build and mature a compliance program at a high-growth healthcare technology company
- Own end-to-end compliance frameworks from strategy through execution
- Work directly with executive leadership on strategic security and compliance initiatives
- Shape ZERO's security culture during a critical growth phase
- Expand your technical security skills while leveraging your compliance expertise
- Make a direct impact on products that eliminate financial barriers to healthcare for thousands of members
- Collaborate with a talented, mission-driven team across engineering, operations, and business functions
- Grow your career as ZERO scales, with the potential to build and lead a compliance and security team

ZERO values direct communication, pragmatic problem-solving, and a culture where team members are empowered to take ownership and make decisions. As Compliance Manager, you'll be a key partner to leadership in protecting our members' data and maintaining the trust of our customers while enabling the business to move quickly and serve more people.

The position requires treating sensitive data according to established company policies and maintaining the highest standards of confidentiality and integrity. You must be able to pass a criminal background check.

About the Company

We’re building a member-first healthcare experience that allows providers to focus more on their patients while getting paid fast and hassle-free; which saves employers as much as 50% on the cost of care; enabling care to be $0 out-of-pocket for plan members. No copays. No deductibles. No coinsurance. It’s healthcare the way it should be.
