Compliance Program Manager

Please note:  This is a hybrid role requiring 3 days in office at our Philadelphia HQ - 1818 Market Street.

We are seeking a skilled and detail-oriented Compliance Program Manager with a strong focus on compliance and FedRAMP (Federal Risk and Authorization Management Program) to join HealthVerity’s Security team. In this role, you will be responsible for ensuring that our organization’s information systems meet the security and compliance requirements mandated by FedRAMP, HIPAA, and other relevant healthcare industry regulations. You will work closely with members of the Security team as well as cross-functional teams to implement security controls with a risk-based and cost effective approach, as well as monitor and regularly assess these controls.

What you will do:

• Develop, document, and maintain FedRAMP-specific policies, procedures, and controls.
• Support efforts to maintain FedRAMP compliance, including the creation of System Security Plan (SSP), gathering evidence, and preparing reports.
• Collaborate with team members to manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts.
• Coordinate with internal teams to develop and implement policies to meet compliance requirements.
• Collaborate with third-party assessors to complete security assessments and audits.
• Conduct third party risk assessments.
• Drive security training and phishing campaigns.
• Conduct periodic risk assessments and audits to ensure compliance with applicable regulatory frameworks.

About You

• You make security a priority in everything you do.
• You enjoy leading with empathy and simplifying security for non-security audiences.
• You have strong communication, interpersonal, and leadership skills.
• You have a good understanding of HIPAA, NIST 800-53 and/or other security compliance frameworks.
• You have experience leading portions of information security audits.
• You prioritize keeping yourself abreast with the security trends and threats, and can explain these issues in a simple way to a non-security audience.
• You have experience with cloud security architectures and best practices for AWS (or equivalent for GCP/Azure).
• You have experience with scripts (Shell, Python) and you prefer the use of automation for gathering evidence.

Desired Skills and Experience:

• 3-5 years information security experience with a focus on compliance, FedRAMP, NIST 800-53, HIPAA, SOC 2, ISO 27001.
• CISSP, CISM, AWS Certified Security or similar security certifications;
• Working knowledge of tools such as Qualys, Datadog, and AWS Security services for vulnerability management, SIEM, and scanning. 
• Working knowledge of AWS Audit Manager, AWS Artifact, Drata, or Vanta.
• Experience with automating the gathering of evidence for information security audits.
• Comfortable with scripting in Python and Bash.

Base salary for the role is commensurate with experience and can range between $100,000 - 130,000 + annual bonus opportunity.

Hiring Locations

Our main office is located in Center City, Philadelphia, where we operate on a hybrid model with in-office work required three days a week for local employees. We believe collaboration is most effective when teams come together, which is why we prioritize hiring in the Philadelphia area.

For certain roles, we also hire from hub locations—regions where we have an established presence with multiple team members working remotely. While these employees primarily work from home, we bring them together in person at lease once a year for team-building, collaboration, and strategic planning.

Due to tax and labor regulations, we can only hire from specific states. Remote work is supported in the following key hub locations and approved states:

Hub Locations:

• Philadelphia, Pennsylvania
• Boston, Massachusetts
• New York City, New York
• Baltimore, Maryland
• Washington, D.C.
• Charlotte, North Carolina
• Raleigh-Durham, North Carolina
• Atlanta, Georgia
• Chicago, Illinois

Approved States for Remote Work:
CT, DE, FL, GA, IL, IN, MA, MD, MI, NC, NJ, NY, OH, PA, TN, and VA.

About HealthVerity

HealthVerity is the leader in privacy-protected real-world data exchange, transforming how healthcare and life sciences organizations connect and analyze disparate healthcare and consumer data. We continue to innovate HealthVerity Marketplace, the nation's first and largest real-world data ecosystem comprising more than 75 leading data providers and over 340 million US patients.  Combined with Identity Manager, the industry's most accurate and efficient solution for patient identity, privacy and governance, we support critical applications in clinical development, commercial strategy, regulatory decision-making, population health, underwriting and more.  HealthVerity has raised more than $140 million to date and works closely with its data providers, partners and clients to Synchronize the Science.  To learn more about HealthVerity, visit healthverity.com.

Why you'll love working here

We are making a difference – Our technology is at the forefront of some of the biggest healthcare challenges in the world. 

We are one team – Our people define our culture and always will. We take time out to celebrate each other, and acknowledge the value that each of us adds towards our greater mission. Come share all you have to offer.

We are learners – Every team member is continually learning, no matter if we've been in a role for one year or much longer. We are committed to learning and implementing what is best for our clients, partners, and each other.

Benefits & Perks

Our benefits package is thoughtfully designed to support and enrich the experience of our full-time employees, with eligibility limited to those in permanent positions.

• Compensation: competitive base salary & annual bonus opportunity (for non-commissioned roles)
• Benefits: We offer a 401(k) plan and stock options. Health, dental, and vision coverage start on day 1, while 401(k) eligibility and stock options follow soon after.
• Flexible location: Remote workdays and 3 days a week of in-office collaboration for team members in the Philadelphia area. Check location requirements with the recruiting team.
• Generous PTO: Take time off as needed, targeted at 4 weeks per year, including vacation, personal and sick time, plus paid parental leave.
• Parental Leave: 12 weeks paid leave for childbearing, surrogacy, and adoption; 6 weeks for non-childbearing parents.
• Comprehensive and individualized onboarding: mentorship program, departmental talks, and a library of resources are available beginning day 1 for each new team member to minimize the stress of starting a new job
• Professional development: biweekly 1:1s, hands-on leadership that is goal-and growth-oriented for each team member, and an annual budget to support professional development pursuits

We believe incorporating different ideas, perspectives and backgrounds make us stronger and encourages an environment where ageism, racism, sexism, ableism, homophobia, transphobia or any other form of discrimination are not tolerated. All qualified job applicants will be given consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. At HealthVerity, we’re working towards an innovative and connected future for healthcare data and believe the future is better together. We can only do that if everyone has a seat at the table. 

If you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to careers@healthverity.com

Remote opportunities are not available in all areas and require team members to work from a fixed location due to tax and labor law implications - specific questions about remote positions can be discussed during the interview process with your recruiter.