Compliance Manager • Lead

Who you are

You have extensive experience in compliance leadership, particularly in managing HIPAA and SOC 2 certifications. Your background includes working closely with external auditors and professional services to ensure compliance standards are met. You excel in defining and maintaining security policies, embedding risk assessment activities within engineering processes, and managing vendor relationships effectively.

You are skilled in operational excellence, partnering with control owners to automate evidence gathering and ensure that security controls enhance rather than hinder operational processes. Your stakeholder management abilities allow you to serve as the primary point of contact for US regulators and partners, ensuring clear communication and alignment with compliance requirements.

Your technical knowledge includes familiarity with governance, risk, and compliance (GRC) tools, which you leverage to integrate security practices into the organization’s workflow. You are committed to building a secure and compliant platform that supports millions of users while prioritizing privacy and security in digital health.

Desirable

Experience with ISO 27001/27701 alignment is a plus, as is a background in the health tech industry. You are proactive in identifying potential security risks and implementing effective mitigation strategies. Your ability to work collaboratively with cross-functional teams enhances your effectiveness in this role.

What you'll do

In this role, you will lead the design and operation of Flo's healthcare security controls, ensuring compliance with HIPAA and SOC 2 standards. You will own the roadmap for compliance initiatives, working closely with Engineering and Legal teams to build a secure platform for users. Your responsibilities will include leading annual SOC 2 and HIPAA certifications, managing relationships with external auditors, and ensuring that all compliance activities are documented and reported accurately.

You will define and maintain security policies that align with industry standards and best practices. By embedding risk assessment activities within engineering processes, you will help to identify and mitigate potential security risks early in the development lifecycle. Your focus on operational excellence will drive automation of evidence gathering, ensuring that compliance controls are efficient and effective.

As the primary Security point of contact for US regulators and partners, you will facilitate communication and collaboration to ensure that all compliance requirements are met. You will also support the wider Security team in aligning with ISO 27001/27701 standards, contributing to the overall security posture of the organization.

What we offer

Flo Health offers a dynamic work environment where you can make a significant impact on the future of female health. You will be part of a mission-driven team that values diversity, equity, and inclusion. We provide competitive compensation and a range of health, pension, and wellbeing perks to support our employees. Join us in building the next generation of digital health solutions that prioritize user privacy and security.