Security Compliance and Privacy Manager

@ Function Health

About Us

Function Health was founded with a singular focus: empower you to live 100 healthy years. Using the best available technology, we ensure people don't suffer or die a preventable death. Recognized as one of Fast Company’s Most Innovative Companies of 2024 and backed by Andreessen Horowitz (a16z), our mission is to positively impact global health.

Role

As the Security Compliance and Privacy Manager at Function Health, you will build and manage an automation-first compliance program to meet SOC 2 Type II, HIPAA and other regulatory requirements. In this hands-on, impact-driven role, you will serve as the primary liaison with auditors, external assessors, and vendors while partnering with Legal to translate privacy and regulatory requirements into actionable controls.

Key Responsibilities

• Lead SOC 2 Type II and HIPAA compliance operations including evidence collection and control testing.
• Act as primary contact for auditors, external assessors and internal stakeholders.
• Partner with Legal to ensure compliance with privacy regulations such as HIPAA, GDPR, and state laws.
• Maintain a unified control framework mapping multiple compliance standards.
• Oversee vendor risk management including onboarding and third-party reviews.
• Drive quarterly compliance activities like access reviews and risk register updates.
• Translate regulatory requirements into engineer-friendly tasks and executive summaries.
• Identify automation opportunities in compliance workflows.
• Support privacy operations including data retention and member data management.
• Foster a culture where compliance and privacy are viewed as enablers.

Qualifications/Skills

• 6–10 years’ experience in compliance, GRC, or risk management, preferably in SaaS or healthtech.
• Strong knowledge of SOC 2 and HIPAA; familiarity with GDPR, CCPA/CPRA, or HITRUST.
• Proven ability to lead audits and represent compliance to external parties.
• Experience coordinating with Engineering, IT, Legal, and Operations.
• Familiarity with compliance automation tools and cloud environments like Okta, GCP, and GitHub.
• Excellent communication skills for preparing policies, audit documentation, and executive reports.
• Ability to influence teams toward secure and compliant practices.
• Bonus: Experience in healthcare data protection or building privacy programs in regulated industries.

To Be a Strong Fit, You Also Need

• Bias Toward Action: Ability to take initiative and move projects forward.
• Entrepreneurial Spirit: Adaptable and process-oriented mindset.
• Communication: Capable of explaining complex technical concepts simply.
• Remote Work Adaptability: Effective in remote work environments.
• Continuous Improvement: Committed to ongoing personal and professional growth.

Key skills/competency

• SOC2
• HIPAA
• Compliance
• GRC
• Risk Management
• Privacy
• Automation
• Cloud
• Audit
• Vendor Management