1 month ago

Senior Compliance Specialist

Spring Health

Hybrid
Full Time
$131,500

Job Overview

Job Title: Senior Compliance Specialist
Job Type: Full Time
Offered Salary: $131,500
Location: Hybrid

Job Description

About Spring Health

Spring Health is on a mission to eliminate every barrier to mental health. Through our clinically validated Precision Mental Healthcare technology, we deliver tailored care, including therapy, coaching, and medication, at the right time for each individual's needs.

We partner with over 450 companies, from startups to Fortune 500 corporations like Microsoft, Target, and Delta Airlines, providing leading mental health services to 10 million people globally. Our innovative platform has generated a net positive ROI for employers, with external validation of net savings for customers—a unique achievement in our category.

With significant capital raised from prominent investors including Generation Investment, Kinnevik, and Tiger Global, and a current valuation of $3.3 billion after our latest Series E Funding, we are just beginning our journey to make mental healthcare universally accessible.

The Opportunity: Senior Compliance Specialist

Reporting to the Sr Manager, IT Compliance, the Senior Compliance Specialist will play a crucial role in supporting all aspects of Information Security compliance. This includes key frameworks such as SOC 2 Type II, HITRUST, Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), ISO 27001, ISO 42001, and ITGC-SOX. This is a fully remote, full-time position.

What You'll Do

  • Support and contribute to established compliance programs, including SOC 2 Type II, HITRUST, HIPAA, GDPR, and readiness efforts for ISO 27001, ISO 42001, and ITGC-SOX, under the guidance of senior compliance leadership.
  • Execute day-to-day audit and assessment activities such as evidence collection, coordination of internal interviews, documentation review, and remediation tracking.
  • Partner closely with engineering, IT, security, and business teams to validate that controls are implemented and operating as designed.
  • Assist with third-party risk management and supply chain compliance activities, including vendor due diligence and ongoing monitoring.
  • Contribute to customer assurance efforts, including drafting questionnaire responses and participating in customer calls alongside more senior compliance team members.
  • Support the execution and maintenance of Business Continuity and Disaster Recovery plans, including documentation updates and testing coordination.
  • Operate and maintain GRC tooling, ensuring evidence is accurate, complete, and audit-ready.
  • Perform internal control testing and risk assessments, document gaps, and support remediation tracking and follow-up.
  • Draft and maintain policies, procedures, and SOPs in alignment with established standards and frameworks.
  • Perform continuous monitoring activities such as access reviews, control testing, and artifact updates.
  • Escalate risks, blockers, or ambiguity appropriately, providing timely updates and context to senior compliance leadership.

What Success Looks Like

  • Reliable, high-quality execution of assigned compliance activities and audit tasks.
  • Well-organized, accurate evidence and documentation that requires minimal rework.
  • Successful support of SOC 2 and HITRUST audits through timely delivery of assigned responsibilities.
  • Strong working relationships with cross-functional partners built on responsiveness and follow-through.
  • Demonstrated growth in autonomy, judgment, and ability to handle increasingly complex compliance work over time.

What You'll Bring

  • Bachelor’s degree plus 5+ years of experience in a GRC, IT compliance, security, or risk-focused role.
  • Hands-on experience supporting audits and assessments aligned to frameworks such as SOC 2, HITRUST, HIPAA, GDPR, ISO 27001, and SOX ITGCs.
  • Foundational experience supporting Business Continuity and Disaster Recovery (BCDR) activities, including documentation maintenance, testing coordination, and alignment to frameworks.
  • Working knowledge of control execution, evidence requirements, and audit processes.
  • Ability to operate independently within defined scope while seeking guidance on complex or novel issues.
  • Strong organizational skills and attention to detail in managing documentation and deadlines.
  • Clear written and verbal communication skills, with comfort collaborating across technical and non-technical teams.

Key Skills/Competency

  • IT Compliance
  • Information Security
  • GRC (Governance, Risk, Compliance)
  • SOC 2 Type II
  • HITRUST
  • HIPAA
  • GDPR
  • ISO 27001
  • Risk Management
  • Audit Support
  • Policy Development

How to Get Hired at Spring Health

  • Research Spring Health's mission: Deeply understand their commitment to eliminating mental health barriers and their Precision Mental Healthcare approach.
  • Tailor your resume for compliance: Highlight your hands-on experience with SOC 2, HITRUST, HIPAA, GDPR, ISO 27001, and SOX ITGCs.
  • Showcase cross-functional collaboration: Emphasize experience partnering with engineering, IT, and security teams on compliance initiatives.
  • Prepare for technical compliance questions: Be ready to discuss specific audit processes, evidence collection, and GRC tooling.
  • Demonstrate problem-solving and communication: Illustrate your ability to identify and escalate risks effectively and communicate across diverse teams.
