Job Specifications
How you will help:
We are seeking a skilled and detail-oriented Security Compliance Program Manager with a strong focus on compliance and FedRAMP (Federal Risk and Authorization Management Program) to join HealthVerity’s Security team. In this role, you will be responsible for ensuring that our organization’s information systems meet the security and compliance requirements mandated by FedRAMP, HIPAA, and other relevant healthcare industry regulations. You will work closely with members of the Security team as well as cross-functional teams to implement security controls with a risk-based and cost effective approach, as well as monitor and regularly assess these controls.
What you will do:
Develop, document, and maintain FedRAMP-specific policies, procedures, and controls.
Support efforts to maintain FedRAMP compliance, including the creation of System Security Plan (SSP), gathering evidence, and preparing reports.
Collaborate with team members to manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts.
Coordinate with internal teams to develop and implement policies to meet compliance requirements.
Collaborate with third-party assessors to complete security assessments and audits.
Conduct third party risk assessments.
Drive security training and phishing campaigns.
Conduct periodic risk assessments and audits to ensure compliance with applicable regulatory frameworks.
About You
You make security a priority in everything you do.
You enjoy leading with empathy and simplifying security for non-security audiences.
You have strong communication, interpersonal, and leadership skills.
You have a good understanding of HIPAA, NIST 800-53 and/or other security compliance frameworks.
You have experience leading portions of information security audits.
You prioritize keeping yourself abreast with the security trends and threats, and can explain these issues in a simple way to a non-security audience.
You have experience with cloud security architectures and best practices for AWS (or equivalent for GCP/Azure).
You have experience with scripts (Shell, Python) and you prefer the use of automation for gathering evidence.
Desired Skills and Experience:
3-5 years information security experience with a focus on compliance, FedRAMP, NIST 800-53, HIPAA, SOC 2, ISO 27001.
CISSP, CISM, AWS Certified Security or similar security certifications;
Working knowledge of tools such as Qualys, Datadog, and AWS Security services for vulnerability management, SIEM, and scanning.
Working knowledge of AWS Audit Manager, AWS Artifact, Drata, or Vanta.
Experience with automating the gathering of evidence for information security audits.
Comfortable with scripting in Python and Bash.
Base salary for the role is commensurate with experience and can range between $90,000 - 130,000 + annual bonus opportunity.
Hiring Locations
Our main office is located in Center City, Philadelphia, where we operate on a hybrid model with in-office work required three days a week for local employees. We believe collaboration is most effective when teams come together, which is why we prioritize hiring in the Philadelphia area.
For certain roles, we also hire from hub locations—regions where we have an established presence with multiple team members working remotely. While these employees primarily work from home, we bring them together in person at lease once a year for team-building, collaboration, and strategic planning.
Due to tax and labor regulations, we can only hire from specific states. Remote work is supported in the following key hub locations and approved states:
Hub Locations:
Philadelphia, Pennsylvania
Boston, Massachusetts
New York City, New York
Baltimore, Maryland
Washington, D.C.
Charlotte, North Carolina
Raleigh-Durham, North Carolina
Atlanta, Georgia
Chicago, Illinois
Approved States for Remote Work:
CT, DE, FL, GA, IL, IN, MA, MD, MI, NC, NJ, NY, OH, PA, TN, and VA.
About HealthVerity
HealthVerity is the leader in privacy-protected real-world data exchange, transforming how healthcare and life sciences organizations connect and analyze disparate healthcare and consumer data. We continue to innovate HealthVerity Marketplace, the nation's first and largest real-world data ecosystem comprising more than 75 leading data providers and over 340 million US patients. Combined with Identity Manager, the industry's most accurate and efficient solution for patient identity, privacy and governance, we support critical applications in clinical development, commercial strategy, regulatory decision-making, population health, underwriting and more. HealthVerity has raised more than $140 million to date and works closely with its data providers, partners and clients to Synchronize the Science. To learn more about HealthVerity, visit healthverity.com.
Why you'll love working here
We are making a difference – Our technology is at the fore