Director, Information Security Compliance

Boston or Remote (US)


About Manifold:

As the amount of biomedical data types and scale continues to grow, old ways of working with data hold back the pace of progress — fragmented data, overwhelming omics, complex manual work, analysis backlogs, friction in secure collaboration, and barriers to distributing workflows. We had a conviction about how to move us closer to a future of precision medicine by making it ten times faster and one-tenth the cost to generate knowledge, develop better treatments, and improve patient outcomes.

And so Manifold began its journey. We are a health research infrastructure company that enables researchers to focus on the high-impact research that matters most, by taking care of all the other stuff that gets in the way.

About the Role:

We are seeking an experienced Director, Information Security Compliance to lead and run our IT & Security compliance program. This role will report directly to the CISO and operate compliance assurance activities for internal operations and our product. The ideal candidate will be adept at navigating complex regulatory environments while working collaboratively with engineering, IT, legal, and other cross-functional teams. This role is pivotal in ensuring that our organization adheres to a range of security standards, including HIPAA/HITRUST, ISO27001, SOC2, and FedRAMP. We are rapidly growing so our compliance processes also need to be designed for scale to meet future needs.

What You’ll Do:

  • Manage the Compliance Program: Oversee and improve the compliance framework and ensure effective operation of compliance processes and controls to ensure sustained adherence to multiple security standards (SOC 2, HIPAA/HITRUST, ISO 27001, NIST, FedRAMP, etc.) and customer requirements
  • Strategic Alignment: Work closely with the CISO to align compliance efforts with business goals, providing key support in executing a robust compliance strategy
  • Collaboration: Partner with engineering, IT, legal, and other stakeholders to embed compliance requirements into operational and product development processes, including SDLC, third-party management, risk assessments and incident response
  • Broad Security Standards Focus: Oversee compliance efforts across a variety of standards and frameworks, addressing current needs while preparing for long-term business objectives
  • Hands-On Execution: Actively manage compliance-related activities, including responding to customer compliance requests, policy development, control implementation, gap analyses, and audit readiness
  • Decision-Making: Own and drive compliance-related decisions, ensuring timely, effective, and scalable solutions with supporting project and communication plans
  • Audit and Certification Support: Facilitate internal and external audits and maintain our customer-facing trust documentation, thus ensuring organizational readiness
  • Training and Awareness: Promote compliance awareness by developing and delivering training programs for team members
  • Risk Management: Identify and mitigate compliance risks while ensuring the program evolves with the regulatory landscape.

What You’ll Bring:

  • Bachelor’s degree in a relevant field (e.g., Information Security, IT Risk Management, Computer Science, or related)
  • 8+ years of experience in IT/security compliance, IT risk management, or information security roles, with hands-on program leadership
  • Strong knowledge of security frameworks and regulations, including SOC 2, HIPAA/HITRUST, FedRAMP, ISO 27001, NIST, and others
  • Proven ability to collaborate across technical and non-technical teams, with excellent communication skills
  • Experience designing and operating compliance programs with a continuous improvement approach
  • Hands-on expertise in drafting policies, implementing controls, and leading audit readiness efforts
  • Project management skills with the ability to prioritize and execute multiple initiatives simultaneously
  • Experience in a high-growth, technology company
  • Familiarity with IT risk management aspects of cloud service models and architectures
  • Certifications such as CISSP, CISM, CISA, or equivalent are preferred
