Compliance Manager

About the Opportunity 
Flywheel is seeking a dynamic and motivated Compliance Manager to manage our information security and healthcare GRC audit programs. Successful applicants will have a passion for collaboration, risk analysis, program management, and audit expertise. This role requires managing internal and external audits, testing security control effectiveness, developing policies and procedures, and maintaining Flywheel’s compliance program. 
Environment  
In this role, you will work closely with compliance, information security, and IT stakeholders, as well as external auditors and regulatory bodies. Our audit program is based on SOC 2, HITRUST, and ISO 27001 and includes compliance with HIPAA, HITECH, and NIST frameworks (such as NIST 800-171 and 800-53). 
We’re highly responsive to customer needs and constantly strive to make a positive contribution to the biomedical and life sciences communities we serve. Team members are recognized and rewarded when advocating for customer success and satisfaction over other concerns. We value self-motivated, creative individuals who work well in a collaborative environment – constantly generating and sharing new ideas and solutions with the team.  
Flywheel has a comprehensive benefits package and encourages a balanced work life and home life. 

Responsibilities

• Lead Flywheel’s SOC 2, HITRUST, ISO 27001, and 21 CFR Part 11 annual external audits. 
• Test and monitor security control effectiveness in GRC software Vanta. 
• Manage risk assessments, third-party vendor reviews, and corrective action plans. 
• Lead annual internal audit and quality management system implementation. 
• Develop information security policies and procedures. 
• Manage security awareness training program. 
• Act as a key liaison for audits, regulatory inquiries, and external assessments. 
• Comply with company policies, including security, confidentiality, and data protection requirements, to maintain a secure work environment. 

What would make you a great fit

• Bachelor’s degree in related field and minimum 5 years of experience in compliance. 
• Hands-on expertise implementing SOC 2, ISO 27001, and HITRUST audit programs. 
• Extensive knowledge of global cyber regulations, compliance standards, and technology with a proven track record in implementing and managing security frameworks. 
• Significant experience in designing, developing, and managing security policies, procedures, and controls to safeguard critical assets. 
• Strong communication skills, can clearly convey security and risk topics to technical and non-technical stakeholders, and ability to work collaboratively in a team environment.  
• Experience with medical imaging or healthcare IT systems (preferred but not required).