Remote Senior Compliance Specialist - Customer Security Assurance Job in United States Spring Health

Who you are

• Bachelor’s degree plus 5+ years of experience in a compliance focused role
• MUST have demonstrated experience executing successful Customer Security Assurance Program
• Directly working with customers and internal stakeholders to assist with the customer questionnaire response
• Build and maintain comprehensive questionnaire library
• Support customers through their risk assessment process
• Experience with at least one of the common security frameworks and regulations such as SOC2, HITRUST/HIPAA, ISO 27001
• Demonstrated understanding of emerging information security trends, including changes to security frameworks and regulatory requirements
• Self-starter, organized, efficient, and proactive
• Strong communication and cross organization collaboration skills

Desirables

• Experience with Vendor Security Management
• Enterprise and IT Risk Management
• Relevant certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Implementer/Auditor are highly desirable

What the job involves

• Develop, execute, and enhance the existing Customer Security Assurance Program and serve as the primary point of contact to triage and respond to client intake requests related to data privacy and security
• Assist with scheduling, delivery, and follow-ups with existing and prospective customers to ensure risk questionnaires and other risk assessments are completed in a timely manner
• Provide guidance and support to internal teams on customer-specific compliance requirements and best practices
• Prepare and deliver comprehensive compliance reports and documentation to customers as required
• Use, manage and maintain the GRC tool for effective compliance initiatives and activities
• Perform internal information security risk assessments, document control deficiencies, and develop recommendations for improvement
• Conduct continuous monitor activities by regularly documenting updates to artifacts, risk management, access reviews etc.
• Develop required plans, policies, procedures and SOPs to support compliance assessments and build better security posture for Spring Health
• Conduct Gap Assessments, develop remediation plans in coordination with required stakeholders
• Ensure adherence to existing and planned compliance programs: Existing: SOC2 / HITRUST / HIPAA and GDPR Compliance; Planned: ISO 27001 / ITGC SOX / FedRAMP etc.
• Evolve, execute and delivery of information security and privacy awareness training and other role based trainings programs to build security aware organizational culture

Application process

• The target base salary range for this position is $125,000 - $145,850, and is part of a competitive total rewards package including stock options and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually at minimum to ensure competitive and fair pay.
• At Spring Health we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we strongly encourage you to apply.
• To ensure intentional and equitable hiring practices, we use a balanced candidate slate in our interviews. This approach guarantees that our pool of qualified candidates includes individuals who are underrepresented in our organization at all levels.
• To ensure intentional and equitable hiring practices, we use a balanced candidate slate in our interviews. This approach guarantees that our pool of qualified candidates includes individuals who are underrepresented in our organization at all levels.