Key Facts

Remote From:

Canada , California (USA) , United States

Full time

Senior (5-10 years)

English

Hard Skills

Other Skills

•
Communication
•
Leadership
•
Analytical Skills
•
Detail Oriented

Roles & Responsibilities

Extensive experience with security frameworks and regulatory standards (e.g., NIST 800-53 Rev5, SOC 2 Type II, ISO 27001, HITRUST)
Knowledge of healthcare industry requirements and regulatory standards
Proven track record leading external audits and coordinating audit activities with auditors
Experience developing, implementing, and updating privacy/compliance policies and conducting gap analyses

Requirements:

Lead and manage external audits including MARSe, ARC-AMPE (NIST 800-53 rev5), SOC2 Type2, ISO27001, HITRUST
Assist in audit activities – interfacing with auditors, translating audit evidence requests to requirements, and coordinating evidence submission
Lead development and execution of new compliance policies and procedures within the organization
Conduct gap analysis between different frameworks and stay updated with changing compliance requirements and regulations

Job description

About VIMO:

What started as the “Expedia” of health insurance, has grown to a market leading company that is transforming government IT infrastructures with our proven SaaS and AI technology. Our innovative approach to health insurance shopping and enrollment has expanded beyond exchanges, and we’re now reinventing the way states administer safety net programs such as Medicaid, SNAP (food stamps), childcare, and unemployment insurance. With our cutting-edge technology, we’re helping agencies help more people, faster, and transform health care service delivery as we know it.

We are looking for a Privacy and Compliance Lead to join our VIMO team.

About The Role:

This role may involve access to sensitive, confidential, or regulated information. As a part of your role, you would be expected to handle such information responsibly and in accordance with the organization’s privacy, security, and data protection policies and procedures. Training specific to this role and the handling of sensitive, confidential, or regulated information is required.

By accepting this role, you acknowledge your responsibility to safeguard sensitive information, use company systems and data only for authorized business purposes, and adhere to established security practices including access control, data classification, and least-privilege principles. You are required to comply with all applicable company policies, legal, regulatory, and contractual requirements governing the protection and appropriate use of information.

To be successful in this role, you should possess extensive experience in Security framework knowledge, Health care industry requirements, and regulatory standards.

Privacy & Compliance Lead Responsibilities:

Leading/Managing External Audits including MARSe, ARC-AMPE (NIST 800-53 rev5), SOC2 Type2, ISO27001, HITRUST

Assisting in audit activities – Interfacing with the Auditors, translating audit evidence requests to actual requirements and working with teams to collect and submit the evidence.