Compliance Manager

Compliance Manager

Truveta is the world’s first health provider led data platform with a vision of Saving Lives with Data. Our mission is to enable researchers to find cures faster, empower every clinician to be an expert, and help families make the most informed decisions about their care. Achieving Truveta’s ambitious vision requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values.

Our headquarters are in the greater Seattle area, and at this time, we are focusing on local resources who will report onsite to our Bellevue, WA office as required.

Who We Need 

Truveta is rapidly building a talented and diverse team to tackle complex health and technical challenges. Beyond core capabilities, we are seeking problem solvers, passionate and collaborative teammates, and those willing to roll up their sleeves while making a difference. If you are interested in the opportunity to pursue purposeful work, join a mission-driven team, and build a rewarding career while having fun, Truveta may be the perfect fit for you. 

This Opportunity

The Compliance Manager is an individual contributor role who will report to our Compliance Manager Lead. You will be part of the highly respected Compliance team responsible for standing up and maintaining governance over Truveta’s internal controls environment.  We are a small but mighty team, establishing baseline risk programs and a roadmap to achieving and maintaining security and privacy-related certifications and attestations, e.g., ISO 27001, 27018, 27701, Type 1 and Type 2 SOC 2, 21 CFR Part 11 and HITRUST for HIPAA and Security. We are committed to the trust of our health system members and with each other, so please come with your sleeves rolled up, ready to be accountable for business critical assignments, tight timelines, high quality expectations, and attention to detail.  You will be rewarded as a part of building something that contributes to the mission and knowing your hard work is making a significant impact.

Responsibilities will include:   

• Developing and overseeing a large inventory of business and technology-related control systems aligned with legal guidelines, internal policies and procedures, and new and future certifications, i.e., ISO 27001, ISO 27018, ISO 27701, Type 2 SOC 2, and HITRUST 9.x or higher
• Designated responsibility for performing key compliance rhythm of business activities that must be kept to committed timelines, e.g., remediation, ISMS PIMS intake requests, risk tracking
• Standing up and maintaining internal technical controls to support security and privacy, e.g., identity management, user access, data integrity, change management, physical and logical security, privacy related to data controller and processor, SDLC.
• Analyzing and rationalizing targeted certification standard requirements and control gaps
• Effectively communicating the intent of certification standards to technical and non-technical control owners and performers
• Writing technical security and privacy-related risk statements, control statements, control execution steps, and suggested evidence to properly support certification requirements
• Staging and coaching control owners and performers for successful audit walkthroughs
• Analyzing internal and vendor business systems to ensure compliance with industry regulations and ethical standards
• Creating, modifying, updating, and assisting as needed with implementing Truveta policies and procedures
• Developing risk management strategies and performing risk assessments according to Truveta methodology
• Designing ongoing relevant security and privacy-related training programs for employees of the business
• Liaising with other departmental heads to ensure all business operations are in line with business policies and procedures
• Advising mid- and senior management on business operations related to investment, business objectives, certifications and attestations, risks, and other policy and procedure development.

Key Qualifications  

• Bachelor’s or higher degree supplemented by training
• 5 plus years of experience as an IT Auditor in internal or external auditing or Compliance Manager
• Report onsite to Bellevue, WA as required
• Direct responsibility for performing HITRUST readiness self-assessments or performing HITRUST validated assessment audits for HITRUST version 9.x or higher in/for a healthcare business associate organization
• HITRUST CCSFP certification in the past 3 years
• Direct experience with regulated e-PHI and/or PII data including HIPAA requirements for organizations classed as technology business associates as well as FDA 21 CFR Part 11, and certifications, i.e., ISO 27001, 27018, 27701, Type 2 SOC 2, and HITRUST
• Ability to effectively translate ISO, SOC 2, HITRUST requirements to engineering and non-engineering stakeholders
• Strong knowledge of cloud technology and engineering industry processes and regulations
• Proven bench strength in defining and performing technology and business risk assessments, defining control design, and measuring and monitoring control operating effectiveness
• Outstanding written and verbal communication and interpersonal abilities
• An analytical and critical-thinking mindset with excellent organizational and programmatic skills
• Ability to work effectively, accurately, and take accountability on critical compliance timelines
• Prefer career training and experience as IT Auditor, internal or external audit or compliance consultant with healthcare data
• Pluses: current or past certification as CISA, CIA, CRISC, CISSP, CIPT or related disciplines; big four experience.

Why Truveta? 

Be a part of building something special. Now is the perfect time to join Truveta. We have strong, established leadership with decades of success. We are well-funded. We are building a culture that prioritizes people and their passions across personal, professional and everything in between. Join us as we build an amazing company together.

We offer: 

• Interesting and meaningful work for every career stage
• Great benefits package
• Comprehensive benefits with strong medical, dental and vision insurance plans
• 401K plan
• Professional development for continuous learning
• Work/life autonomy via flexible work hours and flexible paid time off
• Generous parental leave
• Regular team activities (virtual and in-person as soon as we are able)

Truveta is committed to creating a diverse, inclusive, and empowering workplace. We believe that having employees, interns, and contractors with diverse backgrounds enables Truveta to better meet our mission and serve patients and health communities around the world. We recognize that opportunities in technology historically excluded and continue to disproportionately exclude Black and Indigenous people, people of color, people from working class backgrounds, people with disabilities, and LGBTQIA+ people. We strongly encourage individuals to apply even if you exceed or don’t meet all requirements.