Security and Compliance Manager

Opala is seeking a Security & Compliance Manager to lead their compliance and risk management program in a fast-moving healthcare data startup environment. The role owns the company's audit roadmap (SOC 2, HIPAA, HITRUST), ensures compliance with regulatory frameworks, and drives customer trust by managing security reviews, vendor assessments, and evidence collection.

Requirements

• Own and maintain the company’s Information Security Management System (ISMS)
• Lead annual and recurring compliance certifications (SOC 2, HIPAA, HITRUST)
• Respond to customer security questionnaires and due diligence requests
• Oversee vendor risk management, including contracts, reviews, and security posture assessments
• Manage MSP performance (IT and SOC/MDR) and ensure evidence feeds align with audit requirements
• Mentor and guide other Engineers and Stakeholders in evidence collection, reporting, and process maturity
• Define, implement, and maintain security policies, standards, and procedures
• Serve as the main point of contact for auditors, regulators, and external security partners
• Report compliance and risk posture to leadership and the board

Benefits

• Medical, dental, vision, life and AD&D insurance
• EAP, short-term and long-term disability
• 16 days PTO, 8 paid holidays, fully paid holiday closure
• Parental and family medical leave
• 401k, stock options and annual bonuses and salary increases based on merit