At Spring Health, we’re on a mission to revolutionize mental healthcare by removing every barrier that prevents people from getting the help they need, when they need it. Our clinically validated technology, Precision Mental Healthcare, empowers us to deliver the right care at the right time—whether it’s therapy, coaching, medication, or beyond—tailored to each individual’s needs.
We proudly partner with over 450 companies, from startups to multinational Fortune 500 corporations, as a leading provider of mental health services, providing care for 10 million people. Our clients include brands you know and use, such as Microsoft, Target, J.P. Morgan Chase, and Delta Airlines, all of whom trust us to deliver best-in-class outcomes for their employees globally. With our innovative platform, we have been able to generate a net positive ROI for employers, and we are the only company in our category to earn external validation of net savings for customers.
We have raised capital from prominent investors including Generation Investment, Kinnevik, Tiger Global, William K Warren Foundation, Northzone, RRE Ventures, and many more. Thanks to their partnership and our latest Series E Funding, our current valuation has reached $3.3 billion. We’re just getting started—join us on our journey to make mental healthcare accessible to everyone, everywhere.
Reporting to the Director, IT & Compliance, the Senior Compliance Specialist will assist with all matters relating to Information Security compliance including SOC 2 Type II, HITRUST, Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), ISO 27001, ISO 42001 and ITGC-SOX.
What You’ll Be Doing:
Primarily lead your assigned IT Compliance Program, including but not limited to the following:
- Develop, execute and ensure adherence to existing and planned compliance programs. Existing: SOC 2, HITRUST, HIPAA and GDPR compliance. Planned: ISO 27001, ITGC-SOX, FedRAMP, etc.
- Expedite AI adoption by implementing the required AI compliance programs, such as ISO 42001 and the NIST AI RMF
- Lead and manage annual assessment and audit work (assessment planning, internal assessments, assessment interviews, evidence-request coordination, remediation coordination, etc.) with external stakeholders (external assessors and other certification authorities) and internal stakeholders (engineering teams across the organization)
- Provide timely updates and escalations to leadership.
- Use, manage and maintain the GRC tool for effective compliance initiatives and activities
- Perform internal information security risk assessments, document control deficiencies, and develop recommendations for improvement
- Develop the required plans, policies, procedures and SOPs to support compliance assessments and strengthen Spring Health's security posture.
- Conduct continuous monitoring activities: regularly documenting updates to artifacts, risk management, access reviews, etc.
- Think outside the box and develop solutions that bring more automation and efficiency
Support the IT Compliance team with responsibilities including, but not limited to:
- Conduct gap assessments and develop remediation plans in coordination with the relevant stakeholders
- Support remediation tracking and implementation
- Execute the supply chain and third-party vendor management program
- Support the customer assurance program: joining customer calls, responding to customer questionnaires, etc.
- Evolve, execute and deliver information security and privacy awareness training and other role-based training programs to build a security-aware organizational culture
What success looks like in this role:
- ISO 27001 / 42001 Planning and Execution
- Maintain and ensure security audit compliance in accordance with HITRUST and SOC 2
- Ensure achievement of team KPIs around regulatory compliance and process improvements
What we expect from you:
- Bachelor’s degree plus 5+ years of experience in a compliance focused role.
- You MUST have substantial ISO 27001 experience, with in-depth knowledge of managing and implementing the standard.
- Experience with ISO 42001, the NIST AI RMF or other emerging AI compliance frameworks
- Experience with other common security frameworks and regulations such as SOC2, HIPAA, GDPR, HITRUST and SOX
- Demonstrated understanding of emerging information security trends, including changes to security frameworks and regulatory requirements
- Self-starter, organized, efficient, and proactive
- Strong communication and cross organization collaboration skills
Added bonus if you have:
- Experience with FedRAMP (Federal Risk and Authorization Management Program) compliance and regulations
- Relevant certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Implementer/Auditor are highly desirable
- Experience with OneTrust
The target base salary range for this position is $125,000 – $145,850, and is part of a competitive total rewards package including stock options and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually at minimum to ensure competitive and fair pay.