Manager, Security and Compliance

OpalaSeattle, WA
1dRemote
Match Resume

About The Position

Opala develops healthcare products that tackle the most complex data challenges faced by payers and providers. As a startup originating from a major healthcare plan in the Northwest, we combine deep health-tech expertise with top-tier data and software engineering talent to create products that our customers find meaningful and valuable. These data products empower payers and their partners to find timely insights and take action to intervene in areas like value-based care analytics, interoperability compliance, and real-time streaming of clinical data. In this remote position, we are seeking a Security & Compliance Manager to lead Opala’s compliance and risk management program in a fast-moving healthcare data startup environment. This role owns our audit roadmap (SOC 2, HIPAA, HITRUST), ensures compliance with regulatory frameworks, and drives customer trust by managing security reviews, vendor assessments, and evidence collection. This role is two-fold. As a strategic leader, you will be guiding our compliance roadmap, managing our MSP (IT + SOC/MDR), and interfacing with auditors. As a hands-on contributor, you will be partnering with engineering squads and our Security & Compliance Team to operationalize evidence gathering and process maturity.

Requirements

  • Bachelor’s degree in information security, risk management, or related field (or equivalent experience).
  • 6+ years of experience in security, compliance, or risk management roles, with 3+ years in a leadership capacity.
  • 3+ years of vendor management experience.
  • Experience working with SOC 2, HIPAA, and HITRUST frameworks.
  • Experience working in a Cloud-based SaaS Platform
  • Familiarity with healthcare data security and PHI handling.
  • Experience with Drata's GRC and compliance automation platform
  • Strong organizational skills and ability to manage multiple audit and certification workstreams.
  • Excellent written and verbal communication skills, with the ability to translate compliance requirements into clear actions for engineering and business teams.
  • Hands-on experience modernizing segregation of duties in a highly regulated environment
  • Hands-on experience integrating Drata with external services: Entra ID, Azure, AWS, etc.
  • Experience working in sprint-based Agile Development Methodology

Nice To Haves

  • Security certifications such as CISA, CISM, or CISSP.
  • Experience with NIST 800-53, Cloud Security Alliance (CSA), and Center for Internet Security (CIS)
  • Experience working in healthcare or other regulated industries.
  • Exposure to enterprise architecture frameworks such as TOGAF.
  • Experience building compliance roadmaps in early-stage startups
  • Exposure to Containerization platforms like Docker, Kubernetes, or VMware Tanzu
  • Exposure to Serverless platforms like Azure Functions, AWS Lambda
  • Exposure to Big Data platforms like Hadoop, Databricks, Snowflake, Kafka, Cloudera
  • Exposure to DevSecOps
  • Exposure to DevOps Squad Organization Model

Responsibilities

  • Own and maintain the company’s Information Security Management System (ISMS).
  • Lead annual and recurring compliance certifications (SOC 2, HIPAA, HITRUST).
  • Respond to customer security questionnaires and due diligence requests.
  • Oversee vendor risk management, including contracts, reviews, and security posture assessments.
  • Manage MSP performance (IT and SOC/MDR) and ensure evidence feeds align with audit requirements.
  • Mentor and guide other Engineers and Stakeholders in evidence collection, reporting, and process maturity.
  • Define, implement, and maintain security policies, standards, and procedures.
  • Serve as the main point of contact for auditors, regulators, and external security partners.
  • Report compliance and risk posture to leadership and the board.

Benefits

  • Benefits include medical, dental, vision, life and AD&D insurance, EAP, short-term and long-term disability, 16 days PTO, 8 paid holidays, fully paid holiday closure, parental and family medical leave, 401k, stock options and annual bonuses and salary increases based on merit.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Manager

Job Search Resources

Similar Manager, Security and Compliance job opportunities

Information Security and Compliance Officer
State of Delaware
State of Delaware • Dover, DE13d
Policy, Documentation, and Security Compliance
ASM Research
ASM Research10d
IT Security and Compliance Specialist
CSI Companies
CSI Companies • West Chester, OH7d • $70,000 - $90,000 • Onsite
Privacy and Security Compliance Specialist
The Pennsylvania State University
The Pennsylvania State University • University Park, FL3d • Remote
Privacy and Security Compliance Specialist
Penn State University
Penn State University • University Park, IL4d • Remote
Compliance Manager (Information Security)
Sterling Computers Corporation
Sterling Computers Corporation • North Sioux City, SD9d
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service