Director, Information Security Compliance


Manifold

📍 Remote - United States

Job highlights

Summary

Join Manifold, a health research infrastructure company, as an experienced Director, Information Security Compliance. You will lead and manage the IT & Security compliance program, reporting directly to the CISO. This pivotal role requires navigating complex regulatory environments (HIPAA/HITRUST, ISO 27001, SOC 2, FedRAMP) and collaborating with cross-functional teams. You will oversee compliance processes, ensuring adherence to security standards and aligning efforts with business goals. The position demands hands-on execution of compliance activities, including audit readiness and risk management. Manifold is growing rapidly, so scalable compliance processes are crucial.

Requirements

  • Bachelor’s degree in a relevant field (e.g., Information Security, IT Risk Management, Computer Science, or related)
  • 8+ years of experience in IT/security compliance, IT risk management, or information security roles, with hands-on program leadership
  • Strong knowledge of security frameworks and regulations, including SOC 2, HIPAA/HITRUST, FedRAMP, ISO 27001, NIST, and others
  • Proven ability to collaborate across technical and non-technical teams, with excellent communication skills
  • Experience designing and operating compliance programs with a continuous improvement approach
  • Hands-on expertise in drafting policies, implementing controls, and leading audit readiness efforts
  • Project management skills with the ability to prioritize and execute multiple initiatives simultaneously
  • Experience in a high-growth, technology company
  • Familiarity with IT risk management aspects of cloud service models and architectures

Responsibilities

  • Manage the Compliance Program: Oversee and improve the compliance framework, and keep compliance processes and controls operating effectively to sustain adherence to multiple security standards (SOC 2, HIPAA/HITRUST, ISO 27001, NIST, FedRAMP, etc.) and customer requirements
  • Strategic Alignment: Work closely with the CISO to align compliance efforts with business goals, providing key support in executing a robust compliance strategy
  • Collaboration: Partner with engineering, IT, legal, and other stakeholders to embed compliance requirements into operational and product development processes, including SDLC, third-party management, risk assessments and incident response
  • Broad Security Standards Focus: Oversee compliance efforts across a variety of standards and frameworks, addressing current needs while preparing for long-term business objectives
  • Hands-On Execution: Actively manage compliance-related activities, including responding to customer compliance requests, policy development, control implementation, gap analyses, and audit readiness
  • Decision-Making: Own and drive compliance-related decisions, ensuring timely, effective, and scalable solutions with supporting project and communication plans
  • Audit and Certification Support: Facilitate internal and external audits and maintain our customer-facing trust documentation, thus ensuring organizational readiness
  • Training and Awareness: Promote compliance awareness by developing and delivering training programs for team members
  • Risk Management: Identify and mitigate compliance risks while ensuring the program evolves with the regulatory landscape

Preferred Qualifications

Certifications such as CISSP, CISM, CISA, or equivalent are preferred
