Function Health is seeking a Security Program Manager to support and execute compliance operations, partner with cross-functional teams to enable compliant product growth and unblock business deals, and help ensure controls and policies scale with the business.
Requirements
- Execute SOC 2 Type II and HIPAA compliance operations, including evidence collection, control testing, and audit readiness.
- Coordinate audit activities with auditors, external assessors, and internal stakeholders under the direction of compliance leadership.
- Maintain and update a unified control framework that maps SOC 2, HIPAA, and future frameworks (e.g., HITRUST).
- Drive vendor and third-party risk management, including onboarding reviews, risk assessments, and BAA/DPA tracking.
- Understand privacy obligations (HIPAA Privacy Rule, GDPR, state laws) and design solutions with a privacy-first focus.
- Partner with Sales and Legal to support business deals, including security questionnaires and contractual agreements.
- Execute quarterly compliance rituals: access reviews, risk register updates, policy acknowledgments, and training compliance.
- Translate regulatory requirements into engineer-friendly tickets, policy updates, and compliance summaries.
- Identify and implement opportunities for automation in compliance workflows (evidence collection, access certifications, vendor reviews).
- Coordinate privacy operations, including data retention, deletion, and handling of member data requests.
- Build awareness across the business so compliance and privacy are seen as enablers, not blockers.
Benefits
- Competitive salary
- Flexible working hours
- Dynamic work environment