HealthVerity

www.healthverity.com

1 Job

199 Employees

About the Company


HealthVerity synchronizes transformational technologies with the nation's largest healthcare and consumer data ecosystem to power previously unattainable outcomes and fundamentally advance the science. We offer a comprehensive, yet flexible approach, based on the foundational elements of Identity, Privacy, Governance and Exchange (IPGE), that synchronizes unparalleled Identity management with built-in Privacy compliance and Governance, providing the ability to discover and Exchange a near limitless combination of data at a record pace. Together with our partners in life sciences, government and insurance, we are Synchronizing the Science. To learn more about HealthVerity, visit healthverity.com.

Listed Jobs

Company Name
HealthVerity
Job Title
Security Compliance Program Manager
Job Description
Job Title: Security Compliance Program Manager

Role Summary: Own and advance the organization’s FedRAMP compliance posture, ensuring alignment with HIPAA, NIST 800‑53, SOC 2, and ISO 27001. Develop, document, and maintain security controls, conduct risk assessments, and manage continuous monitoring programs. Serve as primary liaison for internal stakeholders and external assessors, driving evidence collection, reporting, and remediation.

Expectations: Deliver FedRAMP‑specific policies, System Security Plans, and continuous monitoring artifacts on schedule. Maintain up‑to‑date evidence for audits through automated scripting. Lead vulnerability management, incident response coordination, and phishing training. Communicate security metrics and trends to non‑technical audiences. Keep current on emerging threats and compliance requirements, translating complexity into actionable guidance.

Key Responsibilities:
- Design, document, and enforce FedRAMP, HIPAA, NIST 800‑53, SOC 2, and ISO 27001 controls.
- Prepare and update System Security Plans, Statement of Applicability, and other FedRAMP artifacts.
- Coordinate continuous monitoring (ConMon) activities: vulnerability reporting, POA&M tracking, and artifact creation.
- Conduct third‑party risk assessments and facilitate external security assessments and audits.
- Automate evidence gathering with Python/Bash scripts and integrate tools such as Qualys, Datadog, AWS Security services, Audit Manager, and Vanta.
- Deliver security awareness, phishing simulations, and training for all staff.
- Monitor regulatory changes, threat landscape, and industry best practices; advise business units on implications.

Required Skills:
- 3‑5 years of experience in information security with a focus on compliance and risk management.
- Deep knowledge of FedRAMP, NIST 800‑53, HIPAA, SOC 2, ISO 27001, and related frameworks.
- Proficiency in AWS security architecture, services, and tools; experience with GCP/Azure is a plus.
- Scripting expertise in Python and Bash for automation of evidence collection.
- Familiarity with vulnerability scanners, SIEM (Datadog, Splunk), and cloud audit tools (Audit Manager, Artifact, Drata, Vanta).
- Strong communication, stakeholder engagement, and leadership abilities.
- Ability to simplify complex security concepts for non‑technical audiences.

Required Education & Certifications:
- Bachelor’s degree in Computer Science, Information Security, or related field.
- CISSP, CISM, AWS Certified Security Specialty, or equivalent security certification.
Philadelphia, United States
Hybrid
Junior
23-02-2026