Compliance Manager

Bengaluru

Role Overview

We are seeking an experienced Compliance Engineer / Manager to own and manage the end-to-end compliance strategy and framework for RISA Labs. You will be responsible for ensuring that our platform adheres to regulatory standards such as HIPAA, SOC 2, ISO 27701, and HiTrust, and for driving the ongoing efforts to maintain and improve our security posture.

As a key member of our security and legal teams, you will collaborate closely with cross-functional stakeholders (product, engineering, operations) to ensure the successful implementation and maintenance of security and compliance controls.

Responsibilities

  • HIPAA Compliance: Lead efforts to maintain and enhance HIPAA compliance by ensuring that all processes, systems, and workflows meet the necessary privacy and security requirements for handling healthcare-related data.
  • SOC 2 Compliance: Oversee the preparation and management of SOC 2 audits, ensuring the company maintains the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy.
  • ISO 27701 & HiTrust Compliance: Manage compliance efforts related to ISO 27701 (privacy information management) and HiTrust certifications, including working with external auditors, internal teams, and stakeholders to ensure controls are in place and operating effectively.
  • Internal Audits & Assessments: Conduct regular internal compliance audits, risk assessments, and gap analyses to identify and resolve areas of non-compliance and improvement opportunities.
  • Policy & Documentation Management: Develop, maintain, and enforce company policies and procedures related to compliance and data protection, ensuring that documentation is always up-to-date and accurate.
  • Cross-Functional Collaboration: Work with engineering, security, and product teams to design and implement secure systems and solutions that align with regulatory requirements.
  • Security & Risk Management: Assist in identifying security risks related to compliance regulations and help implement mitigation strategies in alignment with company goals.
  • Training & Awareness: Provide training and education to employees on compliance policies, data protection best practices, and regulatory requirements.
  • External Audits & Certifications: Manage relationships with external auditors and lead the coordination of external compliance audits (SOC 2, HIPAA, HiTrust, etc.).
  • Continuous Improvement: Stay up-to-date on evolving industry regulations and best practices related to compliance and security, ensuring the company’s compliance efforts are proactive and forward-looking.

Qualifications

  • 5+ years of experience in compliance, information security, or data privacy, with a focus on healthcare and regulated industries
  • Expertise in HIPAA, SOC 2, ISO 27701, and HiTrust compliance frameworks and certifications
  • Experience conducting risk assessments, security audits, and gap analyses for compliance-related initiatives
  • Strong understanding of privacy and data security laws and regulations (e.g., GDPR, CCPA, HIPAA)
  • Familiarity with cloud platforms (AWS, GCP, Azure) and security best practices for cloud-based applications
  • Experience working with security and engineering teams to implement privacy and security controls
  • Strong written and verbal communication skills, with the ability to communicate complex compliance requirements to non-technical stakeholders
  • Excellent organizational and project management skills, with the ability to prioritize tasks and manage multiple compliance initiatives simultaneously
  • Certifications such as CISSP, CISA, CIPP, CISM, or HiTrust CCSFP are a plus
  • Bachelor’s degree in Information Security, Law, Business, or a related field
