Security and Compliance Manager

Security & Compliance Manager

Opala develops healthcare products that tackle the most complex data challenges faced by payers and providers. As a startup originating from a major healthcare plan in the Northwest, we combine deep health-tech expertise with top-tier data and software engineering talent to create products that our customers find meaningful and valuable. These data products empower payers and their partners to find timely insights and take action to intervene in areas like value-based care analytics, interoperability compliance, and real-time streaming of clinical data. In this remote position, we are seeking a Security & Compliance Manager to lead Opala's compliance and risk management program in a fast-moving healthcare data startup environment. This role owns our audit roadmap (SOC 2, HIPAA, HITRUST), ensures compliance with regulatory frameworks, and drives customer trust by managing security reviews, vendor assessments, and evidence collection. This role is two-fold. As a strategic leader, you will be guiding our compliance roadmap, managing our MSP (IT + SOC / MDR), and interfacing with auditors. As a hands-on contributor, you will be partnering with engineering squads and our Security & Compliance Team to operationalize evidence gathering and process maturity.

Responsibilities

• Own and maintain the company's Information Security Management System (ISMS).
• Lead annual and recurring compliance certifications (SOC 2, HIPAA, HITRUST).
• Respond to customer security questionnaires and due diligence requests.
• Oversee vendor risk management, including contracts, reviews, and security posture assessments.
• Manage MSP performance (IT and SOC / MDR) and ensure evidence feeds align with audit requirements.
• Mentor and guide other Engineers and Stakeholders in evidence collection, reporting, and process maturity.
• Define, implement, and maintain security policies, standards, and procedures.
• Serve as the main point of contact for auditors, regulators, and external security partners.
• Report compliance and risk posture to leadership and the board.

Competencies

Preferred Qualifications

Benefits

Diversity and Inclusivity Statement

Opala is an equal opportunity employer and makes employment decisions on the basis of merit. We are committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, veteran status, disability status, pregnancy, parental status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate. Accommodations are available for applicants with disabilities.