Senior Manager, Infosec Compliance

Kyruus Health

💵 $165k-$186k
📍 Remote - United States

Summary

Join Kyruus Health as Senior Manager of InfoSec Compliance and lead the enterprise-wide information security compliance and risk management strategy. Reporting to the Senior Director, Information Security, you will own the company's certification and audit work (SOC 2 Type II, HITRUST) and oversee the design and implementation of controls across its cloud infrastructure. You will lead a high-performing team, delegate day-to-day compliance activities (vendor reviews, access reviews, documentation requests), lead risk assessments and maintain the risk register, conduct gap assessments, document control failures, manage policies and standards, respond to customer security and privacy inquiries, deliver security training, collaborate with IT, legal, and executive management, and drive continuous improvement. This role is vital for protecting sensitive data, maintaining customer trust, and ensuring that security enables business growth.

Requirements

  • 8+ years of experience and a Bachelor's degree, or equivalent experience
  • Deep understanding of regulatory compliance standards such as GDPR, HIPAA, PCI DSS, or ISO 27001, and experience leading the implementation and maintenance of compliance programs
  • Comprehensive knowledge of security principles, technologies, and best practices, including encryption, authentication, firewalls, intrusion detection/prevention systems, and incident response
  • Understanding of security testing tools and techniques, such as vulnerability scanning, penetration testing, and secure code analysis
  • Understanding of cloud platforms (AWS, Azure, or Google Cloud) and their security features, best practices, and configurations, including hybrid and multi-cloud environments
  • Exceptional analytical and problem-solving skills, with the ability to identify and address complex security risks and develop innovative, comprehensive mitigation strategies
  • Strong project management skills, with the ability to plan, execute, and monitor security projects and initiatives, effectively prioritizing based on risk and business impact
  • Excellent communication and collaboration skills, enabling effective interaction with both technical and non-technical stakeholders
  • Experience in mentoring, coaching, and developing less experienced team members, building a strong team culture and fostering collaboration across the organization

Responsibilities

  • Lead a high-performing team responsible for delivering on complex, business-critical compliance initiatives
  • Provide coaching, mentorship, and career development to support both execution excellence and long-term growth
  • Strategically delegate day-to-day compliance activities and project tasks to team members, ensuring efficient execution and optimal resource utilization
  • Lead and champion the Kyruus Health strategy for certification and audit work related to SOC 2 Type II and HITRUST
  • Oversee the design and implementation of controls aligned to HITRUST CSF, NIST, SOC 2, and FedRAMP frameworks
  • Drive control maturity through cross-functional execution, audit readiness, and continuous improvement
  • Lead information security risk assessments, document control deficiencies, and develop recommendations for improvement
  • Design and implement continuous monitoring of information security risks by maintaining an information security risk register
  • Delegate day-to-day compliance activities (third-party vendor reviews, access reviews, documentation review requests, etc.)
  • Lead periodic security and compliance gap assessments on new and existing systems, processes, and technologies
  • Document and report control failures and gaps to stakeholders and provide guidance to improve alignment with compliance initiatives
  • Develop, implement, and maintain information security governance artifacts such as policy, standards, and procedures to manage, support, and improve the organization’s information security program
  • Triage and respond to client intake requests related to data privacy and security, as well as attend calls to discuss risks or issues with customers
  • Develop and deliver information security training and awareness artifacts to develop and maintain a security-aware organizational culture
  • Lead collaboration between the security team and other departments, such as IT, legal, and executive management
  • Communicate complex security concepts and issues in a clear and actionable manner to non-technical stakeholders
  • Identify opportunities for process improvements and enhancements in security operations
  • Lead initiatives to upgrade or replace outdated systems and practices
  • Maintain records of security incidents, responses, and resolutions
  • Prepare reports and summaries for stakeholders, including recommendations for improving security posture
  • Identify metrics to continuously monitor program effectiveness
  • Engage with various teams in defining and implementing the overall security strategy related to infrastructure, ensuring that security is an enabler for our business

Benefits

  • Base Pay Range: $165,000-$186,000
  • Annual bonus program
  • Equity
  • Medical, dental, and vision benefits
  • Unlimited paid time off (PTO)
  • Generous paid parental leave
  • A home office stipend
  • 401(k) program with company match
  • A wellness and lifestyle program
