Opala · 1 month ago
Security and Compliance Manager
Opala is a healthcare startup focused on developing data products to solve complex challenges in the healthcare sector. They are seeking a Security & Compliance Manager to lead their compliance and risk management program, ensuring adherence to regulatory frameworks and managing security reviews and vendor assessments.
Data Management · Health Care · Software
Responsibilities
Own and maintain the company’s Information Security Management System (ISMS)
Lead annual and recurring compliance certifications (SOC 2, HIPAA, HITRUST)
Respond to customer security questionnaires and due diligence requests
Oversee vendor risk management, including contracts, reviews, and security posture assessments
Manage MSP performance (IT and SOC/MDR) and ensure evidence feeds align with audit requirements
Mentor and guide other Engineers and Stakeholders in evidence collection, reporting, and process maturity
Define, implement, and maintain security policies, standards, and procedures
Serve as the main point of contact for auditors, regulators, and external security partners
Report compliance and risk posture to leadership and the board
Qualifications
Required
Bachelor's degree in information security, risk management, or related field (or equivalent experience)
6+ years of experience in security, compliance, or risk management roles, with 3+ years in a leadership capacity
Experience working with SOC 2, HIPAA, and HITRUST frameworks
Experience working in a Cloud-based SaaS Platform
Familiarity with healthcare data security and PHI handling
Experience with Drata's GRC and compliance automation platform
Strong organizational skills and ability to manage multiple audit and certification workstreams
Excellent written and verbal communication skills, with the ability to translate compliance requirements into clear actions for engineering and business teams
Hands-on experience modernizing segregation of duties in a highly regulated environment
Preferred
Hands-on experience integrating Drata with external services: Entra ID, Azure, AWS, etc.
Security certifications such as CISA, CISM, or CISSP
Experience with NIST 800-53, Cloud Security Alliance (CSA), and Center for Internet Security (CIS)
Experience working in healthcare or other regulated industries
Exposure to enterprise architecture frameworks such as TOGAF
Experience building compliance roadmaps in early-stage startups
Exposure to Containerization platforms like Docker, Kubernetes, or VMware Tanzu
Exposure to Serverless platforms like Azure Functions, AWS Lambda
Exposure to Big Data platforms like Hadoop, Databricks, Snowflake, Kafka, Cloudera
Exposure to DevSecOps
Exposure to DevOps Squad Organization Model
Experience working in sprint-based Agile Development Methodology
3+ years of vendor management experience
Benefits
Medical
Dental
Vision
Life and AD&D insurance
EAP
Short-term and long-term disability
16 days PTO
8 paid holidays
Fully paid holiday closure
Parental and family medical leave
401k
Stock options
Annual bonuses
Salary increases based on merit
Company
Opala
Opala is the data automation partner that makes payer-provider collaboration radically easy.
H1B Sponsorship
Opala has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart; highlights job fields similar to this job)
Trends of Total Sponsorships
2025 (1)
2024 (1)
2023 (8)
Funding
Current Stage
Early Stage
Total Funding
$7.6M
Seed round, 2021-09-27: $7.6M
Company data provided by crunchbase