Manager of Compliance Operations

New York, NY, US

DarioHealth

DarioHealth is a leader in personalized health management, empowering people to navigate their health journeys with data-driven solutions.


Description

At Dario, Every Day is a New Opportunity to Make a Difference.

We are on a mission to make better health easy. Every day our employees contribute to this mission and help hundreds of thousands of people around the globe improve their health. How cool is that? We are looking for passionate, smart, and collaborative people who have a desire to do something meaningful and impactful in their career.

The Manager of Compliance Operations ensures compliance with governmental requirements (HIPAA, GDPR, etc.). The role requires an in-depth understanding of how organizational capabilities interrelate across the function or segment. This position is also responsible for monitoring the IT Security environment to immediately detect, verify, and swiftly respond to cyber threats (e.g., vulnerability exploitation, malware, cyber-attacks), serving as a technical escalation resource and providing mentoring to lower-level staff. This role also oversees accessibility and ensures all products conform to 508c and WCAG standards. This role effectively establishes the Incident Response operations of the organization by working closely with IT and business stakeholders to execute in a non-disruptive manner across the organization. This position also develops and implements compliance policies and procedures, researches compliance issues, and recommends changes that assure compliance with contract obligations. It maintains relationships with government agencies, coordinates site visits for regulators, and coordinates implementation of and compliance with corrective action plans, as needed.

The primary responsibilities of this job include:

  • Lead the Information Security team, including Security Engineering function, data privacy, and compliance.
  • Work together with leaders in Product, Legal, Finance, and IT teams to create a Security & Privacy culture and to constantly improve the security and privacy of company, employee, and customer data.
  • Ensure that all security monitoring systems and processes are functional and effective.
  • Build collaborative relationships with key business partners.
  • Actively participate in the software development lifecycle to ensure that developers are trained in and are following secure coding practices as well as privacy-by-design standards.
  • Monitor changes in industry-relevant legislation and accreditation.
  • Maintain and enhance the Security Incident Response Plan, evaluate the effectiveness of the program, and coordinate incident response across the company.
  • Contribute to and lead the Security Risk Management program.
  • Drive HITRUST and SOC2 implementations as well as other certifications that meet the company’s needs.
  • Lead the Security, Privacy, and Compliance Committee (SPCC).
  • Provide expert advice in all areas of regulatory healthcare compliance.
  • Oversee company-wide compliance operations including sanction screening.
  • Oversee the development and maintenance of company-wide compliance and security policies.
  • Develop communications and analyses for inclusion in executive level presentations.
  • Develop and oversee completion of company-wide compliance education.
  • Direct research and review of complex issues.
  • Oversee the contract review process to ensure compliance with regulatory requirements.
  • Provide guidance for staff and leadership concerning regulatory compliance topics.
  • Work with the Chief of Operations, Engineering, and Product Development to update and implement disaster recovery plans and business continuity plans.
  • Interface with clients to ensure the organization meets all necessary client security and compliance requirements.
  • Review and monitor existing and potential vendors with access to company data to ensure they meet the company’s security and compliance requirements.

Requirements

  • Education: Bachelor’s degree required. Graduate degrees preferred.
  • Must have 5-8 years’ experience in healthcare security, compliance, and auditing.
  • Must have experience in developing policy, procedure manuals, and managing audits to confirm compliance.
  • Previous technology and cybersecurity background preferred.
  • Experience with HIPAA compliance for healthcare technology is required.
  • Strong technical writing skills.
  • HITRUST r2 & SOC-2 audit experience is required.
  • HITRUST CSF training or certification would be a plus.

***DarioHealth promotes diversity of thought, culture and background, which connects the entire Dario team. We believe that every member of our team enriches our diversity by exposing us to a broad range of ways to understand and engage with the world, identify challenges, and discover, design and deliver solutions. We are passionate about building and sustaining inclusive and equitable working and learning environments for all people, and do not discriminate against any employee or job candidate.***


Tags: Audits Compliance Finance GDPR HIPAA HITRUST Incident response Malware Monitoring Privacy Risk management SDLC SOC SOC 2

Perks/benefits: Career development

Region: North America
Country: United States
