Senior Compliance Specialist, Spring Health

• Bachelor’s degree plus 5+ years of experience in a compliance focused role
• MUST have demonstrated experience executing successful Customer Security Assurance Program
• Directly working with customers and internal stakeholders to assist with the customer questionnaire response
• Build and maintain comprehensive questionnaire library
• Support customers through their risk assessment process
• Experience with at least of the common security frameworks and regulations such as SOC2, HITRUST/HIPAA, ISO 27001
• Demonstrated understanding of emerging information security trends, including changes to security frameworks and regulatory requirements
• Self-starter, organized, efficient, and proactive
• Strong communication and cross organization collaboration skills

Desirable

• Reporting to the Manager, IT & Compliance, the Senior Compliance Specialist in the role of Customer Security Assurance will assist with all matters relating to the Customer Security Assurance Program as well as supporting the overall Information Security compliance
• Primarily lead your assigned IT Compliance Program as outlined below, but not limited to the following
• Develop, execute, and enhance the existing Customer Security Assurance Program and serve as the primary point of contact to triage and respond to client intake requests related to data privacy and security
• Assist with scheduling, delivery, and follow-ups with existing and prospective customers to ensure risk questionnaires and other risk assessments are completed in a timely manner
• Provide guidance and support to internal teams on customer-specific compliance requirements and best practices
• Prepare and deliver comprehensive compliance reports and documentation to customers as required
• Provide timely updates and escalations to leadership
• Use, manage and maintain the GRC tool for effective compliance initiatives and activities
• Perform internal information security risk assessments, document control deficiencies, and develop recommendations for improvement
• Develop required plans, policies, procedures and SOPs to support compliance assessments and build better security posture for Spring Health
• Conduct continuous monitor activities by regularly - documenting updates to artifacts, risk management, access reviews etc
• Think out of the box and develop solutions to bring more automation and efficiency
• Supporting the IT Compliance team with the following responsibilities, but not limited to:
• Conduct Gap Assessments, develop remediation plans in coordination with required stakeholders
• Support Remediation Tracking and Implementation
• Execution of Supply Chain and Third Party Vendor Management Program
• Support Develop, execute and ensure adherence to existing and planned compliance programs : Existing : SOC2 / HITRUST / HIPAA and GDPR Compliance; Planned: ISO 27001 / ITGC SOX / FedRAMP etc
• Evolve, execute and delivery of information security and privacy awareness training and other role based trainings programs to build security aware organizational culture
• What success looks like in this role:
• Customer Security Assurance Program Execution
• Maintain and ensure security audit compliance in accordance with HITRUST and SOC 2
• Ensure achievement of team KPIs around regulatory compliance and process improvements