Senior Compliance Specialist

Senior Compliance Specialist

Our mission : to eliminate every barrier to mental health.

At Spring Health, we're on a mission to revolutionize mental healthcare by removing every barrier that prevents people from getting the help they need, when they need it. Our clinically validated technology, Precision Mental Healthcare, empowers us to deliver the right care at the right timewhether it's therapy, coaching, medication, or beyondtailored to each individual's needs.

We proudly partner with over 450 companies, from startups to multinational Fortune 500 corporations, as a leading provider of mental health service, providing care for 10 million people. Our clients include brands you use and know like Microsoft, Target, and Delta Airlines, all of whom trust us to deliver best-in-class outcomes for their employees globally. With our innovative platform, we've been able to generate a net positive ROI for employers and we are the only company in our category to earn external validation of net savings for customers.

We have raised capital from prominent investors including Generation Investment, Kinnevik, Tiger Global, Northzone, RRE Ventures, and many more. Thanks to their partnership and our latest Series E Funding, our current valuation has reached $3.3 billion. We're just getting startedjoin us on our journey to make mental healthcare accessible to everyone, everywhere.

Reporting to the Sr Manager, IT Compliance, the Senior Compliance Specialist will assist with all matters relating to Information Security compliance including SOC 2 Type II, HITRUST, Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), ISO 27001, ISO 42001 and ITGC-SOX. This is a full time position that is fully remote.

What you'll do :

Supporting the IT Compliance team with the following responsibilities, but not limited to :

• Develop, execute and ensure adherence to existing and planned compliance programs : Existing : SOC2 / HITRUST / HIPAA and GDPR Compliance; Planned : ISO 27001 / ITGC SOX / FedRAMP etc.
• Lead and manage annual assessment and audit related works (assessment planning, internal assessments, actual assessment interviews, evidence requests coordination, remediation coordination etc.) with external (external assessors other certification authorities) and internal stakeholders (organization wide engineering teams)
• Execution of Supply Chain and Third Party Vendor Management Program
• Support Customer Assurance Program - support customer calls, responding to customer questionnaires etc.
• Provide timely updates and escalations to leadership.
• Use, manage and maintain the GRC tool for effective compliance initiatives and activities
• Perform internal information security risk assessments, document control deficiencies, and develop recommendations for improvement
• Develop and maintain the necessary plans, policies, procedures, and standard operating protocols (SOPs) to support compliance assessments and strengthen Spring Health's overall security posture.
• Conduct continuous monitor activities by regularly - documenting updates to artifacts, risk management, access reviews etc.
• Support Remediation Tracking and Implementation
• Evolve, execute and delivery of information security and privacy awareness training and other role based training programs to build security aware organizational culture

What success looks like :

What you'll bring :

The target base salary range for this position is $125,000 - $145,850, and is part of a competitive total rewards package including stock options and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually using Radford Global Compensation Database at minimum to ensure competitive and fair pay.

Benefits provided by Spring Health :

Note : We have even more benefits than listed and below, your recruiter will provide more in-depth information as you continue in the interview process. Benefits are subject to individual plan requirements and eligibility criteria.

Not sure if you meet every requirement? Research shows that women and people from historically underrepresented communities often hesitate to apply for roles unless they meet every qualification compared to other similarly-qualified candidates. At Spring Health, we are committed to fostering a workplace where everyone feels valued, empowered, and supported to Thrive. If this role excites you, we encourage you to apply.

Ready to do the most impactful work of your life? Learn more about our values, what it's like to work here, and how hypergrowth meets impact at Spring Health : Our Values

Our privacy policy : https : / / springhealth.com / privacy-policy /

Spring Health is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex, marital status, ancestry, disability, genetic information, veteran status, gender identity or expression, sexual orientation, pregnancy, or other applicable legally protected characteristic. We also consider qualified applicants regardless of criminal histories, consistent with applicable legal requirements. Spring Health is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans. If you have a disability or special need that requires accommodation, please let us know.