7 days ago

Compliance & Security Lead

Plenful

Hybrid
Full Time
$170,000

Job Overview

Job Title: Compliance & Security Lead
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $170,000
Location: Hybrid

Job Description

About Plenful

Plenful is on a mission to transform healthcare operations from the inside out. Fresh off our $50M Series B and backed by Bessemer Venture Partners, Notable Capital, TQ Ventures, Susa/Kivu Ventures, and other leading investors, we’re building the category-defining AI agentic operating platform that healthcare teams rely on to operate smarter, faster, and more efficiently. Our technology empowers healthcare operators across hospital and health systems, pharmacies and payors to eliminate manual work, reduce administrative burden, and improve compliance, all while unlocking critical revenue to fund programs for their in-need patient populations.

Built by healthcare operators for healthcare operators, Plenful is driven by a deep understanding of the challenges facing today’s care teams. We’re passionate about equipping healthcare workers with world-class tools that deliver real, measurable impact, and we’re proud to serve leading healthcare organizations across the country. If you’re excited to help shape the future of healthcare, we’d love to meet you. Apply now to join our growing team.

About The Role

We’re seeking a highly motivated Compliance & Security Lead to establish and manage Plenful’s compliance programs as we scale. You’ll partner closely with our Engineering, Operations, and People teams to build and maintain robust security controls and ensure we exceed customer and regulatory expectations.

What You’ll Do

  • Own and maintain Plenful’s compliance roadmap across relevant frameworks (SOC 2, HIPAA, HITRUST).
  • Evaluate and consider future certifications; assess relevance and feasibility.
  • Partner with Engineering and Security to design, document, and test technical and organizational controls.
  • Coordinate evidence collection, policy reviews, gap assessments, and internal training for audit readiness.
  • Drive vendor risk management: evaluate security questionnaires, manage relationships with compliance-automation partners.
  • Perform and maintain company‑wide risk assessments.
  • Develop and deliver company-wide compliance training.
  • Respond to customer security questionnaires, RFPs, and due-diligence requests.

What We’re Looking For

  • 5+ years of compliance and audit experience at a B2B SaaS or healthcare-tech company.
  • Demonstrated hands-on ownership of SOC 2 Type II and HIPAA compliance programs.
  • Strong working knowledge of NIST, ISO 27001, HITRUST, and related regulatory frameworks.
  • Experience coordinating with engineering teams on technical controls and evidence collection.
  • Excellent written and verbal communication skills - able to translate complex requirements into actionable tasks.
  • Self-starter who thrives in a dynamic, fast-paced startup environment.

Plenful perks

  • Comprehensive Benefits Package: Enjoy unlimited PTO, fully covered health insurance (medical, dental, and vision), meal stipend, health & wellness stipend, 401(k) matching, and stock options.
  • Mission-Driven, World-Class Team: Join an exceptional group of professionals aligned around a meaningful mission and committed to making an impact.
  • Opportunities for Growth: Strengthen your partnership expertise through collaboration with experienced, high-performing leaders across the organization.
  • Flexible Work Environment: San Francisco based employees will be hybrid. All other locations are currently remote first.

Key skills/competency

  • SOC 2 Compliance
  • HIPAA Compliance
  • HITRUST Framework
  • NIST Standards
  • ISO 27001
  • Vendor Risk Management
  • Compliance Auditing
  • Security Controls
  • Healthcare Technology
  • Regulatory Compliance

Tags:

Compliance & Security Lead
compliance
security
audit
risk management
HIPAA
SOC 2
HITRUST
policy
training
vendor management
NIST
ISO 27001
healthcare technology
SaaS compliance

How to Get Hired at Plenful

  • Research Plenful's mission: Study their healthcare transformation goals, AI platform, and investor backing (Bessemer, Notable Capital) to align your application.
  • Tailor your resume for compliance leadership: Highlight hands-on experience with SOC 2 Type II and HIPAA, showcasing direct ownership and impact in a B2B SaaS or healthcare-tech environment.
  • Demonstrate framework expertise: Emphasize strong working knowledge of HITRUST, NIST, and ISO 27001, providing specific examples of how you've applied these in previous roles.
  • Prepare for cross-functional collaboration questions: Showcase your ability to partner with engineering, operations, and people teams on technical controls and evidence collection.
  • Exhibit startup adaptability: Be ready to discuss how you thrive as a self-starter in dynamic, fast-paced startup environments and your commitment to continuous learning and growth.
