Sr. IT Compliance Specialist
Our mission: to eliminate every barrier to mental health.
Spring Health is the leading comprehensive mental health benefit for employers. We help employees understand their mental health issues and connect with best-in-class providers to get the right treatment at the right time.
From early detection to full recovery, Spring Health is the only clinically validated solution in the market proven to be more effective than traditional mental healthcare. By combining the latest technology with vetted providers, we help engage 1 in 3 employees, reduce recovery times, and lower healthcare costs. We are an award-winning, passionate, and mission-driven team with the support of leaders in psychiatry. We have raised over $100M to date from prominent VCs including Tiger Global, Northzone, Rethink, Work-Bench, RRE, and General Catalyst.
Reporting to the Senior IT Compliance Manager, the Senior IT Compliance Specialist will assist with all matters relating to Information Security compliance including SOC 2 Type II, HIPAA, GDPR, ISO 27001, PCI-DSS, CCPA, and SOX.
What You’ll Be Doing:
- Triage and track certification and audit work as it relates to SOC 2 Type II
- Work to establish a more efficient evidence gathering and reporting process
- Prepare compliance program to pursue additional security certifications, such as ISO 27001
- Assist with the maintenance of a GRC tool to more effectively manage all compliance initiatives and activities
- Perform information security risk assessments, document control deficiencies, and develop recommendations for improvement
- Continuously monitor information security risks by maintaining an information security risk register
- Assist with day-to-day compliance activities (third party vendor reviews, access reviews, documentation review requests, etc.)
- Perform periodic security and compliance gap assessments on new and existing systems, processes, and technologies
- Document and report control failures and gaps to stakeholders and provide guidance to improve alignment with compliance initiatives
- Develop, implement, and maintain information security governance artifacts such as policy, standards, and procedures to manage, support, and improve the organization’s information security program
- Triage and respond to client intake requests related to data privacy and security
- Develop and deliver information security training and awareness artifacts to develop and maintain a security-aware organizational culture
What we expect from you:
- Bachelor’s degree in a computing-related discipline
- 3-5 years of experience in a compliance-focused role
- Experience with common security frameworks and regulations such as SOC2, HIPAA, GDPR, and ISO 27001
- Clear understanding of emerging information security trends, including changes to security frameworks and regulatory requirements
- Self-starter, organized, efficient, and proactive
- Great communication skills
Benefits of working at Spring Health:
Focus on total health including:
- Generous medical, dental, vision coverage available day 1 + access to One Medical
- Access to Spring Health’s platform which includes (10) free therapy sessions
- Unlimited time off in addition to (12) paid holidays
- 16-18 weeks paid parental leave
- $500 per year Wellness Reimbursement
Creating a culture you can thrive in:
- Flexible remote and hybrid work style arrangements
- Calm Fridays to encourage meeting- and distraction-free days
- Donation matching to support your favorite causes
- Employee resource groups
Supporting you financially through:
- Competitive mix of salary and stock options
- Employer sponsored 401(k) match
In addition to finding people who are truly excellent at what they do, we take our values at Spring Health seriously:
- Members Come First: We are genuine member advocates.
- Move Fast to Change Lives: We build with urgency and intention.
- Take Ownership: We extend trust and hold ourselves accountable.
- Embrace Diverse Teams & Perspectives: We find strength in the diversity of cultural backgrounds, ideas, and experiences.
- Science Will Win: We will achieve impact by innovation and evidence-based frameworks.
- Candor with Care: We are open, honest and empathetic.
Spring Health is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex, marital status, ancestry, disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. We also consider qualified applicants regardless of criminal histories, consistent with applicable legal requirements. Spring Health is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans. If you have a disability or special need that requires accommodation, please let us know.