Lead Compliance Specialist

At IMO Health, we are seeking a highly motivated Lead Compliance Specialist to strengthen our Governance, Risk, and Compliance (GRC) program. In this role, you will help mature our security and compliance posture by managing risk assessments, control testing, audits, and cross-functional initiatives that support regulatory and customer requirements. The ideal candidate will bring expertise in frameworks such as SOC 2, HIPAA, HITRUST, and/or ISO 27001, and experience working in a fast-paced, cloud-first environment. 

IMPACT YOU'LL MAKE:

• As our Lead Compliance Specialist, you’ll serve as a key operational leader within our compliance program—helping ensure we meet the evolving expectations of regulators, auditors, partners, and customers. Your work will ensure policies, controls, and evidence are not only audit-ready but aligned to the business. You’ll help shape a culture of compliance, reduce risk, and support trust in everything we do. 

WHAT YOU'LL DO:

• Oversee vendor risk management activities and manage due diligence reviews. 
• Partner with Security and HR teams to support training, awareness, and ethics initiatives. 
• Track and manage risk remediation efforts across teams to ensure timely closure of Contribute to the planning and execution of internal and external audits (e.g., SOC 2, HIPAA, HITRUST, ISO 27001). 
• Develop, implement, and maintain policies, procedures, and controls aligned with regulatory requirements and industry frameworks (e.g., ISO 27001, NIST, HIPAA, HITRUST, SOC 2). 
• Coordinate with Legal, IT, Security, HR, and Engineering to ensure cross-functional compliance. 
• Contribute to risk assessments, including identification, analysis, and mitigation of security, privacy, compliance, and operational risks. 
• gaps and findings. 
• Provide compliance guidance and support during customer security reviews and RFPs. 
• ·Drive improvements to GRC processes, tools, and technologies. 
• Prepare reports for senior leadership on GRC metrics, risks, compliance status, and emerging threats. 
• Support incident response and post-incident reviews to ensure appropriate documentation, reporting, and follow-up actions. 
• Train and mentor the organization on compliance processes and expectations. 
• Monitor regulatory developments and support program updates in response to changes. 

WHAT YOU'LL NEED:

• 4+ years of experience in regulatory compliance, audit, risk management, or a related field. 
• Demonstrated expertise in HIPAA and privacy laws, with a strong aptitude for navigating complex regulatory requirements. 
• Familiarity with GRC platforms or compliance automation tools. 
• Excellent organizational skills and attention to detail—able to manage multiple deadlines. 
• Strong communication and interpersonal skills to influence and align stakeholders across departments. 
• A collaborative mindset with the ability to lead through influence, not just authority. 
Bonus Points For 
• Experience in healthcare, SaaS, and cloud-based environments. 
• Understanding of compliance frameworks such as SOC 2, HITRUST, or ISO 27001. 
• Industry certifications (e.g., CISA, CCSFP, CHPC, CIPM, or similar). 
• Exposure to privacy regulations like GDPR, CCPA, or data protection impact assessments. 
• Experience with customer-facing compliance support (e.g., security questionnaires, due diligence calls). 
• Familiarity with AI compliance and emerging risk domains (a plus, not required).