Director, Information Security Compliance - Remote

Posted 10 weeks ago

Overview

As the variety and scale of biomedical data continue to grow, old ways of working with data hold back the pace of progress: fragmented data, overwhelming omics, complex manual work, analysis backlogs, friction in secure collaboration, and barriers to distributing workflows. We had a conviction about how to move closer to a future of precision medicine by making it ten times faster and one-tenth the cost to generate knowledge, develop better treatments, and improve patient outcomes.

And so Manifold began its journey. We are a health research infrastructure company that enables researchers to focus on the high-impact research that matters most, by taking care of all the other stuff that gets in the way.

In Short

  • Manage the Compliance Program: Oversee and improve the compliance framework and keep compliance processes and controls operating effectively, to ensure sustained adherence to multiple security standards (SOC 2, HIPAA/HITRUST, ISO 27001, NIST, FedRAMP, etc.) and customer requirements
  • Strategic Alignment: Work closely with the CISO to align compliance efforts with business goals, providing key support in executing a robust compliance strategy
  • Collaboration: Partner with engineering, IT, legal, and other stakeholders to embed compliance requirements into operational and product development processes, including SDLC, third-party management, risk assessments and incident response
  • Broad Security Standards Focus: Oversee compliance efforts across a variety of standards and frameworks, addressing current needs while preparing for long-term business objectives
  • Hands-On Execution: Actively manage compliance-related activities, including responding to customer compliance requests, policy development, control implementation, gap analyses, and audit readiness
  • Decision-Making: Own and drive compliance-related decisions, ensuring timely, effective, and scalable solutions with supporting project and communication plans
  • Audit and Certification Support: Facilitate internal and external audits and maintain our customer-facing trust documentation, thus ensuring organizational readiness
  • Training and Awareness: Promote compliance awareness by developing and delivering training programs for team members
  • Risk Management: Identify and mitigate compliance risks while ensuring the program evolves with the regulatory landscape

Requirements

  • Bachelor’s degree in a relevant field (e.g., Information Security, IT Risk Management, Computer Science, or related)
  • 8+ years of experience in IT/security compliance, IT risk management, or information security roles, with hands-on program leadership
  • Strong knowledge of security frameworks and regulations, including SOC 2, HIPAA/HITRUST, FedRAMP, ISO 27001, NIST, and others
  • Proven ability to collaborate across technical and non-technical teams, with excellent communication skills
  • Experience designing and operating compliance programs with a continuous improvement approach
  • Hands-on expertise in drafting policies, implementing controls, and leading audit readiness efforts
  • Project management skills with the ability to prioritize and execute multiple initiatives simultaneously
  • Experience in a high-growth technology company
  • Familiarity with IT risk management aspects of cloud service models and architectures
  • Certifications such as CISSP, CISM, CISA, or equivalent are preferred

Benefits

  • Competitive salary and benefits package
  • Opportunity to work in a rapidly growing company
  • Collaborative and innovative work environment
  • Professional development opportunities
  • Flexible work arrangements
