Security & Compliance Manager

About TailorCare

TailorCare is transforming the experience of specialty care. Our comprehensive care program takes a deeply personal, evidence-based approach to improving patient outcomes for joint, back, and muscle conditions. By combining a careful assessment of patients’ symptoms, health histories, preferences, and goals with predictive data and latest evidence-based guidelines, we help patients choose—and navigate—the most effective treatment pathway for them, every step of the way.

TailorCare values the experiences and perspectives of individuals from all backgrounds. We are a highly collaborative, curious, and determined team passionate about scaling a high-growth start-up to improve the lives of those in pain. TailorCare is a remote-first company with a hybrid office in Nashville.

About the Role:

We are seeking a highly skilled and motivated Security & Compliance Manager to join our team. This role is crucial to ensuring our company meets and maintains HITRUST certification and adheres to customer contractual compliance requirements. The ideal candidate will be responsible for overseeing compliance with regulatory requirements, enhancing our security posture, and managing potential risks across the organization. This role requires a strategic thinker with a deep understanding of compliance frameworks, information security protocols, and risk management within the healthcare industry.

Primary Responsibilities:

• Compliance Oversight:
• Develop, implement, and maintain compliance programs to ensure adherence to all applicable laws, regulations, and industry standards.
• Monitor changes in legislation and regulatory environments, providing guidance and updates to senior management.
• Conduct regular audits and assessments to evaluate compliance effectiveness and identify areas for improvement.
• Compliance investigations, action plans and overseeing compliance training
• Main POC for company compliance  
• Security Management:
• Lead and manage the HITRUST audit process, ensuring all necessary documentation and controls are in place.
• Lead the development and implementation of security policies and procedures to safeguard company assets and sensitive information.
• Familiar with personally implementing and maintaining technology surrounding security and compliance, including WAFs, VPNs, SAST, and DAST. Collaborate with IT, engineering, HR, and other departments to ensure cyber security measures are in place and implemented as a part of our regular business project planning.
• Oversee incident response planning and coordinate responses to security breaches or vulnerabilities.
• Risk Management:
• Identify, assess, and prioritize risks across the organization, developing risk mitigation strategies.
• Facilitate risk assessments and develop reports to communicate findings and recommendations to senior leadership.
• Foster a risk-aware culture by providing training and resources to employees on risk management best practices.

• Training and Reporting:
• Work closely with cross-functional teams to ensure compliance and risk management initiatives align with business objectives.
• Prepare and present regular reports on compliance, security, and risk management activities to the executive team and board of directors.
• Serve as the primary point of contact for regulatory agencies and external auditors.
• Provide training and guidance to staff on security and compliance best practices.

Qualifications:

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• Minimum of 7 years of experience in information security, IT audit, compliance, or a related role, preferably within the healthcare industry. Master’s degree preferred.
• In-depth knowledge of HITRUST CSF and experience leading HITRUST certification processes.
• Strong understanding of healthcare regulations and standards, including HIPAA.
• Proven track record of developing and executing compliance and risk management programs in healthcare 
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills, with the ability to influence and build relationships at all levels of the organization.
• Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Compliance and Ethics Professional (CCEP), Certified Risk Management Professional (CRMP)) are a plus.

What's In It For You

• Meaningful work each day, we care deeply about our mission, our patients, and each-other. 
• Work from anywhere in the US that best fits your lifestyle, or, for those that enjoy an in-person environment, join teammates in our hybrid hub Nashville. 
• Rich PTO and holiday plans to ensure you have time away to rest and recharge.
• We offer paid parental leave, support a healthy work-life integration, and offer work flexibility – we love to talk about our pets and families.
• Medical, dental, vision, life, disability, wellness resources, and an employer HSA contribution all from Day 1. 
• We are committed to fair and equitable pay for all employees, and we help you achieve your future goals with an employer match 401k.
• An inclusive workplace where you can lean on your teammates, offer candid feedback, and bring your true self to work each day. 

TailorCare seeks to recruit and retain staff from diverse backgrounds and encourages qualified candidates to apply. TailorCare is an equal opportunity employer and does not discriminate on the basis of age, sex, gender identity/expression, sexual orientation, color, race, creed, national origin, ancestry, religion, marital status, political belief, physical or mental disability, pregnancy, military, or veteran status.