Compliance Specialist
Raleigh, NC
Levitate’s employees share a very important mission and goal: helping small businesses grow and thrive. We all contribute to this goal in unique ways, and that’s why we prioritize helping our staff identify their strengths and find genuine fulfillment in their roles.
Across every team and department at Levitate, you’ll find friendship, enthusiasm, intelligence, and drive. In our pursuit to make the world a more creative and entrepreneurial place, we keep our company’s five core values at the center of everything we do:
- Creating magic
- Showing customer empathy
- Making data-driven decisions
- Focusing on solutions, not problems
- Making small improvements every day
The Compliance Specialist will play a crucial role in maintaining and enhancing our compliance framework, particularly around SOC 2 and HIPAA. This mid-level role involves policy oversight, audit preparation, and day-to-day management of our compliance platform, Vanta. The ideal candidate will have a strong grasp of regulatory frameworks relevant to SaaS companies, an analytical mindset, and a collaborative attitude to foster organization-wide compliance.
Responsibilities:
- Develop, implement, and maintain compliance policies and procedures aligned with SOC 2 and HIPAA requirements.
- Monitor and ensure adherence to regulatory requirements, industry standards, and internal policies, especially those impacting data security and privacy.
- Manage and optimize compliance workflows using Vanta, including task monitoring, evidence collection, and audit coordination.
- Conduct regular audits and risk assessments to proactively identify compliance gaps and areas for improvement.
- Maintain documentation and prepare reports and dashboards to keep leadership informed of compliance status and risks.
- Assist with the vetting, onboarding, and ongoing monitoring of vendors to ensure compliance with our security and privacy standards.
- Complete vendor and security questionnaires from prospects and clients, working cross-functionally to gather accurate and timely responses.
- Provide training and guidance to staff on compliance-related topics, including HIPAA regulations and secure data handling practices.
- Collaborate cross-functionally with Legal, IT, Security, and Product teams to embed compliance in operational processes.
- Track changes in relevant laws, regulations, and best practices, and revise internal procedures accordingly.
- Respond to compliance issues and incidents, including investigations and root-cause analysis.
Our commitment to our staff is showcased not only through our strong company culture, but also through our employee-centric benefits and programs including:
- Daily catered lunches from locally-owned restaurants and diverse snack offerings
- Employee-led groups (run club, disc golf club, and book club, just to name a few) that bring employees with similar hobbies and interests together to inspire and build relationships
- Plentiful opportunities to volunteer with and contribute to local organizations that align with the passions of our staff
- Flexible PTO to facilitate strong work-life balance
- Paid parental leave that provides employees with support and flexibility as they grow their families
- Extensive benefit options including healthy lifestyle reimbursement, 401(k) matching, HSA/FSA, dental, vision, and mental health coverage, and much more
- Culture Crew and Emerging Leader programs to foster employee leadership development, inclusivity, and connection through year-round trainings and events
Qualifications:
- Bachelor’s degree in Law, Business, Information Security, or a related field. Certifications (e.g., CCEP, CISA) are a plus.
- Minimum of 3 years of experience in a compliance role within the SaaS or technology industry; project management experience is a plus.
- Strong working knowledge of SOC 2 and HIPAA compliance frameworks; experience with ISO 27001 is a plus.
- Experience using compliance management tools such as Vanta or similar platforms.
- Familiarity with vendor due diligence processes and third-party risk management.
- Experience completing vendor or security questionnaires for clients and prospects, with an ability to coordinate technical input from internal teams.
- Strong communication skills and the ability to translate complex regulatory language into actionable internal guidance.
- Exceptional organizational, analytical, and problem-solving skills.
- High ethical standards and ability to handle confidential information with discretion.
Tags: Audits CISA Compliance HIPAA ISO 27001 Monitoring Privacy Risk assessment Risk management SaaS SOC SOC 2
Perks/benefits: Equity / stock options Flex hours Flex vacation Health care Lunch / meals Parental leave Team events