Security Compliance - Technical Program Manager

CoreWeave
Sunnyvale, CA
Hybrid

About The Position

The Product Engineering organization is responsible for executing and delivering CoreWeave’s products, platforms, processes, and tools. As a security compliance lead, you will creatively shape compliance solutions that enhance security, engineering, and business agility. You will collaborate closely with innovative teams to turn compliance from a checklist into a strategic advantage. You will be part of an environment that values proactive thinking, creative problem-solving, and meaningful impact. If you are passionate about cloud technologies, thrive in complex technical environments, and excel at orchestrating large-scale programs, we want to hear from you!

Nice To Haves

  • Experience leading HITRUST certification and readiness programs (e1, i1, r2), including control implementation, gap remediation, and audit support in HIPAA-regulated environments
  • Strong understanding of HIPAA Security, Privacy, and Breach Notification Rules, with hands-on experience implementing safeguards for ePHI in cloud and distributed systems
  • Proven ability to design and scale compliance programs in high-growth or hyperscale environments, balancing regulatory requirements with engineering velocity
  • Experience aligning HITRUST CSF with frameworks such as HIPAA, ISO 27001, SOC 2, and NIST to streamline controls, enable inheritance, and reduce audit overhead
  • Deep knowledge of cloud-native security controls, including IAM, encryption (at rest and in transit), logging and monitoring, network segmentation, and container/Kubernetes security
  • Experience implementing and operating administrative, physical, and technical safeguards in accordance with HIPAA and HITRUST requirements
  • Demonstrated ability to drive continuous compliance, automation, and compliance-as-code initiatives in engineering-driven environments
  • Experience supporting customer assurance, security reviews, and BAA obligations, including responding to due diligence and regulatory requirements
  • Strong analytical, communication, and stakeholder management skills, with the ability to translate complex compliance requirements into actionable guidance
  • Relevant certifications such as HITRUST CCSFP, CISSP, CISA, CISM, CRISC, or equivalent

Responsibilities

  • Own and drive the HITRUST program end-to-end, ensuring alignment with HIPAA Security, Privacy, and Breach Notification Rules and obligations under Business Associate Agreements (BAAs)
  • Define, document, and continuously refine the HITRUST control environment, including data flows, system boundaries, and trust zones for systems that store, process, or transmit electronic Protected Health Information (ePHI)
  • Partner closely with Product, Engineering, Infrastructure, and Security teams to design and implement secure, scalable, and HIPAA-aligned solutions that meet HITRUST CSF requirements
  • Lead HITRUST (e1/i1/r2) assessment readiness and certification efforts, including risk-based scoping, gap assessments, control maturity evaluations, and cross-functional remediation programs
  • Act as the primary liaison for HITRUST External Assessors, managing assessment readiness, validated assessment processes, evidence collection, and certification lifecycle
  • Ensure effective implementation of administrative, physical, and technical safeguards to protect ePHI in accordance with HIPAA and HITRUST requirements
  • Drive continuous compliance and monitoring initiatives, including automation of evidence collection, control validation, and reporting across cloud-native and hybrid environments
  • Translate HITRUST CSF, HIPAA, and contractual (BAA) requirements into actionable technical and operational controls, enabling secure-by-design architectures
  • Support and enforce data protection principles such as minimum necessary access, encryption, secure transmission, audit logging, and incident response for ePHI
  • Identify and implement opportunities to reduce compliance overhead and audit fatigue through control rationalization, inheritance, and alignment across frameworks (SOC 2, ISO 27001, NIST, etc.)
  • Manage compliance and certification lifecycles, ensuring accurate tracking of controls, risks, corrective action plans (CAPs), and audit artifacts
  • Continuously assess and improve control maturity, effectiveness, and risk posture, with a focus on protecting sensitive healthcare data
  • Develop and maintain high-quality documentation (policies, standards, procedures, BAAs, and audit evidence) aligned with HITRUST and HIPAA requirements
  • Track and communicate program health, compliance posture, risks, and remediation progress to internal stakeholders, leadership, and customer-facing teams
  • Support customer assurance activities, including security questionnaires, due diligence requests, and discussions related to HITRUST certification and HIPAA compliance
  • Mentor and guide junior team members and control owners on HITRUST, HIPAA, and healthcare compliance best practices

Benefits

  • Medical, dental, and vision insurance - 100% paid for by CoreWeave
  • Company-paid Life Insurance
  • Voluntary supplemental life insurance
  • Short and long-term disability insurance
  • Flexible Spending Account
  • Health Savings Account
  • Tuition Reimbursement
  • Ability to Participate in Employee Stock Purchase Program (ESPP)
  • Mental Wellness Benefits through Spring Health
  • Family-Forming support provided by Carrot
  • Paid Parental Leave
  • Flexible, full-service childcare support with Kinside
  • 401(k) with a generous employer match
  • Flexible PTO
  • Catered lunch each day in our office and data center locations
  • A casual work environment
  • A work culture focused on innovative disruption