Security Compliance Program Manager

About The Position

Requirements

• 4+ years of experience in program management, compliance coordination, security operations, or a similar cross-functional role
• Strong familiarity with SOC 2; exposure to ISO 27001 and/or HITRUST (hands-on experience is a plus, not required)
• Solid project and program management fundamentals, including task tracking, dependency management, and stakeholder follow-up
• Excellent documentation skills and attention to detail (naming conventions, versioning, evidence quality)
• Experience drafting and maintaining policies and procedures aligned to operational reality
• Experience using compliance tools such as Thoropass, Drata, or Vanta (Thoropass preferred)

Nice To Haves

• Acting as a primary owner of compliance programs, not supporting compliance as a side responsibility
• Executing SOC 2, ISO 27001, and/or HITRUST programs end-to-end in growing organizations
• Creating, refining, and maintaining security and compliance policies that reflect real operational practices
• Managing compliance tooling (e.g., Thoropass, Drata, Vanta) and using it to drive accountability and visibility
• Coordinating cross-functionally, tracking dozens of parallel work items, and holding stakeholders accountable to timelines

Responsibilities

• Own the compliance calendar, including timelines, milestones, check-ins, and recurring evidence collection across SOC 2, ISO 27001, and HITRUST.
• Drive audit readiness end-to-end by maintaining compliance roadmaps, dependencies, and deliverables to ensure work stays on track throughout the year.
• Operate Thoropass day-to-day by assigning evidence requests, sending reminders, maintaining clean artifacts, managing dashboards, and supporting basic workflows and access as needed.
• Coordinate audit activities by tracking auditor requests, managing deadlines, and ensuring responses are complete, accurate, and submitted on time.
• Partner cross-functionally with IT, Engineering, Product, HR, Legal, and Operations to assign ownership, align expectations, and drive follow-through.
• Draft, update, and maintain security and compliance policies and procedures that align required controls with real operational practices.
• Create new security and compliance policies as needed to support evolving business practices, audit requirements, and control gaps, ensuring policies are practical, clear, and aligned with how the company actually operates.
• Run compliance operations by managing policy review cycles, control narratives, version control, and evidence consistency across frameworks.
• Track findings and remediation by logging gaps, assigning owners and due dates, and validating closure and remediation evidence.

Benefits

• Full suite of health insurance options, in addition to generous paid time off
• Pre-planned company-wide wellness holidays
• Retirement options
• Health & charitable donation stipends
• Impactful Business Resource Groups
• Flexible work hours & the opportunity to work from anywhere
• The opportunity to work with leading biotech and life sciences companies in an innovative industry with a mission to improve healthcare around the globe