Compliance & Security Lead

About The Position

Requirements

• 5+ years of compliance and audit experience at a B2B SaaS or healthcare-tech company
• Demonstrated hands-on ownership of SOC 2 Type II and HIPAA compliance programs.
• Strong working knowledge of NIST, ISO 27001, HITRUST, and related regulatory frameworks
• Experience coordinating with engineering teams on technical controls and evidence collection
• Excellent written and verbal communication skills - able to translate complex requirements into actionable tasks.
• Self-starter who thrives in a dynamic, fast-paced startup environment.

Responsibilities

• Own and maintain Plenful’s compliance roadmap across relevant frameworks (SOC 2, HIPAA, HITRUST).
• Evaluate and consider future certifications; assess relevance and feasibility.
• Partner with Engineering and Security to design, document, and test technical and organizational controls.
• Coordinate evidence collection, policy reviews, gap assessments, and internal training for audit readiness.
• Drive vendor risk management: evaluate security questionnaires, manage relationships with compliance-automation partners
• Perform and maintain company‑wide risk assessments
• Develop and deliver company-wide compliance training
• Respond to customer security questionnaires, RFPs, and due-diligence requests

Benefits

• Comprehensive Benefits Package: Enjoy unlimited PTO, fully covered health insurance (medical, dental, and vision), meal stipend, health & wellness stipend, 401(k) matching, and stock options.
• Mission-Driven, World-Class Team: Join an exceptional group of professionals aligned around a meaningful mission and committed to making an impact.
• Opportunities for Growth: Strengthen your partnership expertise through collaboration with experienced, high-performing leaders across the organization.
• Flexible Work Environment: San Francisco based employees will be hybrid. All other locations are currently remote first.