Senior Compliance Specialist

Office Ally
$68,000 - $90,000

About The Position

The Senior Compliance Specialist supports the organization’s enterprise compliance, privacy, risk, and third-party oversight activities. This role is responsible for managing customer and vendor compliance questionnaires, supporting external audits and attestations (including SOC audits), monitoring regulatory requirements, and evaluating state and federal laws affecting healthcare operations, privacy, information security, and business practices. The ideal candidate possesses strong analytical skills, experience interpreting complex regulations, and the ability to translate compliance requirements into operational guidance. This position will work cross-functionally with Compliance, Legal, Information Security, Product, Operations, and executive leadership to maintain compliance readiness and support regulatory obligations.

Requirements

  • Bachelor’s degree in Compliance, Healthcare Administration, Business, Law, Risk Management, Information Security, Public Policy, or related field (or equivalent experience).
  • 3–7+ years of experience in compliance, risk management, regulatory affairs, privacy, healthcare operations, audit support, or a related field.
  • Experience responding to vendor/customer security and compliance questionnaires.
  • Experience supporting or participating in SOC audits (SOC 1 and/or SOC 2).
  • Demonstrated ability to research, review, and interpret state and federal regulations and assess business impacts.
  • Strong written communication skills with the ability to draft professional, clear, and defensible compliance responses.
  • Experience coordinating across multiple departments and managing competing priorities.
  • Strong analytical and critical thinking skills.
  • Ability to use AI tools to assist in drafting reports, conducting market research, and optimizing daily administrative tasks.
  • Ability to understand and synthesize complex legal and regulatory requirements.
  • Exceptional attention to detail and organizational skills.
  • Ability to manage multiple projects and deadlines simultaneously.
  • Strong collaboration and stakeholder management skills.
  • Comfortable reviewing audit reports, control frameworks, and technical documentation.
  • Proficiency with Microsoft Office (especially Excel, Word, and PowerPoint).

Nice To Haves

  • Experience in healthcare, healthcare technology, healthcare clearinghouse, payer, workers’ compensation, or regulated technology environments.
  • Familiarity with: HIPAA / HITECH, CMS regulations, state healthcare/privacy requirements, SOC 1, SOC 2, HITRUST, NIST, ISO 27001, workers' compensation and state regulations, third-party risk management and vendor oversight.
  • Experience with third-party security and compliance questionnaires from customers, insurers, higher education, or enterprise procurement organizations.
  • Professional certifications: Certified in Healthcare Compliance (CHC), Certified Information Systems Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Compliance & Ethics Professional (CCEP), Certified Third-Party Risk Professional (CTPRP).
  • Experience with GRC/compliance tools.

Responsibilities

  • Lead and coordinate responses to customer, partner, and vendor due diligence questionnaires, including security, privacy, compliance, and risk assessments.
  • Manage responses for industry-standard assessments and frameworks, including but not limited to: SOC 1 / SOC 2, HIPAA / HITECH, HITRUST, Shared Assessments AUP and Full SIG, NIST Cybersecurity Framework, ISO 27001, HECVAT, and other customer-specific security/compliance assessments.
  • Gather supporting evidence, coordinate internal stakeholders, and maintain a repository of standard responses and supporting documentation.
  • Identify response gaps and work with internal teams to drive remediation or clarification.
  • Coordinate activities supporting annual external audits and attestations, including SOC audits.
  • Assist in collecting evidence, validating controls, and preparing documentation for auditors.
  • Review SOC reports and control narratives to understand organizational obligations, risks, and remediation opportunities.
  • Monitor compliance with internal controls and assist in control testing and documentation.
  • Research, interpret, and analyze state and federal regulations impacting the organization.
  • Monitor regulatory developments related to healthcare, privacy, cybersecurity, claims processing, electronic transactions, and data exchange.
  • Review and summarize laws, regulations, guidance, and proposed rulemaking into business-friendly recommendations.
  • Support assessments of operational impacts from new or changing requirements.
  • Assist with drafting, reviewing, and maintaining organizational compliance policies, procedures, standards, and controls.
  • Evaluate policies against regulatory and contractual obligations.
  • Support risk assessments, compliance monitoring, and internal reviews.
  • Maintain documentation supporting audits, customer reviews, and compliance evidence requests.
  • Partner with Information Security, Legal, Operations, Product, and Business teams to evaluate compliance implications of new initiatives, vendors, products, and services.
  • Participate in compliance-related meetings and provide subject matter support on regulatory and contractual requirements.
  • Support preparation of executive summaries, compliance reporting, and customer-facing compliance materials.

Benefits

  • Medical, dental, and vision coverage
  • 401(k) with company match
  • Paid time off