Senior Manager, Infosec Compliance

At Kyruus Health, our mission is to connect people to the right care, in pursuit of our vision: a better healthcare system- one that's transparent and accessible- where everyone gets the care they need. Our values are at the heart of everything we do:
We care deeply – We do the right thing even if it’s the harder thing. We are fiercely driven – We harness our curiosity to pursue continuous improvement and create simple solutions to complex problems.We lead with respect – We celebrate the individual traits that make each of us unique and seek out diverse voices to listen and learn.We are accountable – We do what we promise for each other and our customers.
Here’s what that would mean for you in the Senior Manager, InfoSec Compliance role. Care: You care about our patients, our customers, our employees and our company. You want to do everything you can to keep them and their data safe. Driven: You want to build the best Information Security program possible. Respect: You respect the other departments at Kyruus Health. Security should be an enabler of their success. Accountable: You value our compliance certifications and look to improve with each assessment cycle.
This pivotal role will own leading Kyruus Health's enterprise-wide information security compliance and risk management strategy, reporting directly to the Senior Director, Information Security. The position requires a proven leader to oversee crucial certification efforts (SOC 2 Type II, HITRUST) and implement robust controls across our four unique cloud infrastructure environments. Responsibilities include strategic risk assessment, policy governance, driving continuous improvement, and actively managing team performance through coaching and strategic delegation of day-to-day compliance activities. This role is key to protecting sensitive data, maintaining customer trust, and ensuring our security posture enables business growth.

What you will do in a Senior Manager, InfoSec Compliance role at Kyruus Health:

•  People Leadership: Lead a high-performing team responsible for delivering on complex, business-critical compliance initiatives. Provide coaching, mentorship, and career development to support both execution excellence and long-term growth.
• Strategic Delegation: Strategically delegate day-to-day compliance activities and project tasks to team members, ensuring efficient execution and optimal resource utilization.
• InfoSec Compliance Strategy: Lead and champion the Kyruus Health strategy for certification and audit work as it relates to SOC 2 Type II, HITRUST
• Control Architecture & Implementation: Oversee the design and implementation of controls aligned to HITRUST CSF, NIST, SOC 2, and FedRAMP frameworks. Drive control maturity through cross-functional execution, audit readiness, and continuous improvement.
• Risk Assessments: Lead information security risk assessments, document control deficiencies, and develop recommendations for improvement.
•  Risk Management: Design and implement continuously monitor for information security risks by maintaining an information security risk register.
• Business as Usual: Delegate day-to-today compliance activities (third party vendor reviews, access reviews, documentation review requests, etc.).
• Gap Assessments: Lead periodic security and compliance gap assessments on new and existing systems, processes, and technologies.
• Control Failures: Document and report control failures and gaps to stakeholders and provide guidance to improve alignment with compliance initiatives.
• Policy Management and Governance: Develop, implement, and maintain information security governance artifacts such as policy, standards, and procedures to manage, support, and improve the organization’s information security program.
• Customer Support: Triage and respond to client intake requests related to data privacy and security, as well as attend calls to discuss risks or issues with customers.
• Security Training: Develop and deliver information security training and awareness artifacts to develop and maintain a security-aware organizational culture.
• Collaboration: Lead collaboration between the security team and other departments, such as IT, legal, and executive management. Communicate complex security concepts and issues in a clear and actionable manner to non-technical stakeholders.
• Continuous Improvement: Identify opportunities for process improvements and enhancements in security operations. Lead initiatives to upgrade or replace outdated systems and practices.
• Documentation and Reporting: Maintain records of security incidents, responses, and resolutions. Prepare reports and summaries for stakeholders, including recommendations for improving security posture. Identify metrics to continuously monitor program effectiveness.
• Contribute to a Collaborative Security Strategy: Engage with various teams in defining and implementing the overall security strategy related to infrastructure, ensuring that security is an enabler for our business.
• You’ll report to the Senior Director, Information Security in the Information Security Department within the Engineering & Technology Division.

How You Can Grow
• Kyruus Health will bring you through an onboarding process that is both structured and self-guided, designed to enable connection and productivity as you learn more about our company, functions and products. Additionally, we have a culture of feedback, inclusive of our performance review process that provides you with the coaching, resources and opportunities to help you learn and grow with us.
•  Kyruus Health also loves to see an internal transfer. If a linear career path is not what you’re looking for, you can work with your manager and HR to explore lateral moves to other parts of the organization as you continue to grow with us.

What you will bring:

• 8+ years of experience, Bachelor's degree, or equivalent experience
• Deep understanding of regulatory compliance standards, such as GDPR, HIPAA, PCI-DSS, or ISO 27001, and experience in leading the implementation and maintenance of compliance programs.
• Has comprehensive knowledge of security principles, technologies, and best practices, including encryption, authentication, firewalls, intrusion detection/prevention systems, and incident response.
• Knowledge of security principles, technologies, and best practices, including encryption, authentication, firewalls, intrusion detection/prevention systems, and incident response.
• Understanding of security testing tools and techniques, such as vulnerability scanning, penetration testing, and secure code analysis.
• Understanding of cloud platforms (AWS, Azure, or Google Cloud) and their security features, best practices, and configurations, including hybrid and multi-cloud environments.
• Exceptional analytical and problem-solving skills, with the ability to identify and address complex security risks and develop innovative, comprehensive mitigation strategies.
• Strong project management skills, with the ability to plan, execute, and monitor security projects and initiatives, effectively prioritizing based on risk and business impact.
• Excellent communication and collaboration skills, enabling effective interaction with both technical and non-technical stakeholders.
• Experience in mentoring, coaching, and developing less experienced team members, building a strong team culture and fostering collaboration across the organization.

Compensation Information

• Base Pay Range: $165,000- $186,000
• Other Compensation: In addition to your salary, this position is also eligible for our annual bonus program, equity, and benefits. Salary ranges are a guideline and pay is based on a variety of factors including; qualifications, competencies, skill-set, and organizational needs. Your recruiter can share more information about the salary range specific to your candidacy and other factors during the hiring process.
• Benefits:Our benefits package includes medical, dental, and vision benefits, unlimited paid time off (PTO), generous paid parental leave, a home office stipend, 401(k) program with company match, and a wellness and lifestyle program. Please refer to the company's benefits section on our career page or connect with your recruiter for full details.

Equal Opportunity Employer
Kyruus Health is dedicated to providing equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, national origin, citizenship, age, disability, sexual orientation, genetic information. We will not discriminate, in any employment decision, against any individual or group on the basis of race, color, religion, sex, gender, national origin, citizenship, age, disability, sexual orientation, genetic information, or veterans/national guard/military reserve status. This shall be done in compliance with all applicable federal, state, and local laws in every location in which Kyruus Health has facilities.