Information & Security Program Manager

Medicom Group
2d · $130,000

About The Position

Medicom is seeking an Information Security Program Manager to join our Compliance team and lead the company’s information security and regulatory compliance programs. As a healthcare data company, Medicom must meet the highest standards for data protection while supporting rapid product development and growth. In this role, you will own Medicom’s internal compliance programs and partner closely with Engineering and cross-functional leaders to ensure security and compliance are embedded into our products, systems, and processes. You will play a critical role in maintaining HIPAA compliance while preparing the organization for additional frameworks such as SOC 2, GDPR, and FedRAMP.

Requirements

  • 8+ years of experience in compliance, information security, privacy, or risk management, preferably within healthcare, health tech, or SaaS environments.
  • Strong working knowledge of industry frameworks and federal, regional, and state regulations such as HIPAA, SOC 2, CCPA, and GDPR; experience with FedRAMP is a plus.
  • Proven ability to interpret complex regulatory requirements and translate them into practical, actionable guidance.
  • Experience leading external audits, certifications, or regulatory assessments.
  • Excellent documentation, organizational, and program management skills.
  • Strong written and verbal communication skills, with the ability to align cross-functional stakeholders.
  • Comfortable working independently and proactively in a fast-paced, growing organization.

Nice To Haves

  • CISSP (Certified Information Systems Security Professional) certification strongly preferred, or other advanced technical security certifications (e.g. Information Systems Security Architecture Professional, Information Systems Security Engineering Professional).

Responsibilities

  • Own and lead Medicom’s internal compliance and security programs, ensuring ongoing adherence to HIPAA, HITRUST, GDPR, SOC 2, and other evolving regulatory frameworks and standards.
  • Partner closely with the Engineering team to incorporate security and compliance requirements into product design, feature development, and system architecture.
  • Develop, maintain, and clearly communicate to internal and external stakeholders Medicom’s information security program, including controls, risk areas, and known limitations.
  • Lead preparation for new compliance certifications and readiness efforts (e.g., SOC 2 Type 2, GDPR certification, FedRAMP readiness).
  • Serve as the primary coordinator for the Confidentiality & Security Team (CST), including agenda setting, monthly meetings, and executive-level reporting.
  • Manage all aspects of SOC 2 audits, including coordination with third-party auditors and internal stakeholders.
  • Act as a trusted internal advisor, providing guidance, education, and support on compliance and security-related topics across the organization.
  • Monitor changes in relevant laws, regulations, and industry standards, recommending and implementing updates to internal policies and processes.


What This Job Offers

  • Job Type: Full-time
  • Career Level: Manager
  • Education Level: No Education Listed
  • Number of Employees: 1,001-5,000 employees

© 2024 Teal Labs, Inc