
Compliance Manager

The Zero Card

Legal, Sales & Business Development
Remote
USD 115k-140k / year
Posted on Mar 31, 2026

ZERO · Compliance Manager · Remote · Full time

About ZERO

We're building a member-first healthcare experience that lets providers focus on their patients while getting paid fast and hassle-free, saves employers as much as 50% on the cost of care, and makes care $0 out-of-pocket for plan members. No copays. No deductibles. No coinsurance. It's healthcare the way it should be.

Description

The Compliance Manager is responsible for managing and expanding ZERO's comprehensive compliance program, ensuring the organization maintains the highest standards of security, privacy, and regulatory adherence. This role owns the day-to-day execution of compliance frameworks including SOC 2 Type 2, HIPAA attestation, and will drive ISO 27001 certification efforts. The Compliance Manager serves as the bridge between regulatory requirements and operational excellence, working cross-functionally to embed compliance into ZERO's culture and processes while maintaining the agility and efficiency that defines our organization.

This is a hands-on role that goes beyond traditional compliance management. In addition to owning compliance frameworks and certifications, this position handles contract reviews for compliance and technical legal considerations, manages vendor security assessments, builds customer-facing trust programs, and contributes to broader security operations. The ideal candidate combines deep compliance expertise with practical security operations experience and can translate complex regulatory requirements into actionable, scalable processes.

Key Responsibilities


Compliance Program Management

  • Own and manage ZERO's SOC 2 Type 2 compliance program, including evidence collection, control implementation, and annual audit preparation
  • Maintain HIPAA compliance attestation and ensure ongoing adherence to HIPAA Security Rule, Privacy Rule, and Breach Notification requirements
  • Drive ISO 27001 certification efforts, including gap analysis, ISMS implementation, and certification audit preparation
  • Maintain compliance with Gramm-Leach-Bliley Act (GLBA) requirements, including privacy notices, safeguards, and information security programs
  • Establish and maintain compliance documentation, policies, procedures, and control evidence in Drata
  • Monitor regulatory landscape for changes affecting healthcare technology and adjust compliance program accordingly
  • Coordinate with external auditors and assessors to ensure successful audit outcomes
  • Develop and track key compliance metrics and KPIs, reporting status to leadership

Risk Management & Assessment

  • Conduct regular risk assessments to identify compliance gaps and security vulnerabilities
  • Build and maintain risk register with mitigation strategies and ownership assignments
  • Perform vendor risk assessments and manage third-party compliance due diligence
  • Lead security questionnaire responses (SIGs, VSAs, custom security assessments) for prospects and customers
  • Review and assess impact of new technologies, processes, and business initiatives on compliance posture
  • Identify compliance risks and escalate them to the Director of Cloud Systems and Security and the CTO

Contract & Legal Review

  • Review customer contracts, Business Associate Agreements (BAAs), Data Processing Agreements (DPAs), and vendor agreements for compliance and technical legal considerations
  • Ensure contract terms align with ZERO's security capabilities, compliance obligations, and risk tolerance
  • Collaborate with legal counsel and executive team on complex contract negotiations
  • Maintain library of standard compliance and security contract language
  • Flag technical commitments in contracts that require engineering or infrastructure changes

Trust & Transparency Programs

  • Build and maintain customer-facing Trust Center in Drata showcasing security and compliance posture
  • Create and manage security documentation for customers including security white papers, compliance summaries, and certification evidence
  • Respond to customer security and compliance inquiries with clear, accurate information
  • Support sales and customer success teams with compliance-related customer questions
  • Maintain public-facing compliance certifications and attestations

Training & Awareness

  • Develop and deliver comprehensive HIPAA training program for all employees, including role-specific training
  • Expand security awareness training program to cover SOC 2, GLBA, and general security best practices
  • Create and maintain training documentation, videos, and resources accessible to all team members
  • Track training completion and ensure annual recertification requirements are met
  • Build culture of security and privacy awareness across the organization
  • Conduct onboarding training for new employees on compliance and security policies

Security Operations Support

  • Assist with security operations activities such as log monitoring, alert triage, and incident response as needed based on experience and skillset
  • Participate in Security Operations Center (SOC) or Network Operations Center (NOC) activities during high-priority events or coverage gaps
  • Contribute to security tool configuration and monitoring (SIEM, EDR, vulnerability scanning, etc.)
  • Support incident response activities including documentation, communication, and remediation tracking
  • Assist with vulnerability management program including scan review and remediation verification
  • Help maintain security infrastructure and tooling as needed

Cross-Functional Collaboration

  • Partner with Engineering teams to implement technical security controls required by compliance frameworks
  • Work with Cloud Systems and Security team on infrastructure security and compliance requirements
  • Collaborate with Data and Analytics team on data governance, retention, and privacy controls
  • Support Employer Experience, Member Experience, and Provider Experience teams on customer-facing compliance requirements
  • Provide compliance guidance to Product Management on new features and products
  • Ensure Accounting and HR teams maintain compliance with employee data privacy requirements

Continuous Improvement

  • Identify opportunities to automate compliance evidence collection and control monitoring
  • Streamline compliance processes to reduce operational overhead while maintaining effectiveness
  • Stay current on compliance automation tools and GRC platform capabilities
  • Recommend and implement process improvements that enhance security without hindering productivity
  • Build scalable compliance frameworks that support ZERO's growth

Qualifications


Required:

  • 3-5+ years of experience in compliance, security, or GRC (Governance, Risk, and Compliance) roles, preferably in healthcare technology or SaaS
  • Deep knowledge of SOC 2 Type 2 requirements and experience managing annual audits
  • Strong understanding of HIPAA Security Rule, Privacy Rule, and Breach Notification Rule
  • Experience with compliance management platforms (Drata, Vanta, Secureframe, or similar)
  • Proven track record of contract review and assessment for security and compliance considerations
  • Experience responding to customer security questionnaires (SIGs, VSAs, custom assessments)
  • Strong understanding of information security controls, risk management frameworks, and security best practices
  • Excellent written and verbal communication skills with ability to explain complex compliance topics to non-technical audiences
  • Strong organizational skills and attention to detail
  • Ability to work independently and manage multiple priorities in a fast-paced environment
  • Bachelor's degree in Information Security, Computer Science, Business, or related field, or equivalent experience

Strongly Preferred:

  • Direct experience achieving ISO 27001 certification
  • Knowledge of Gramm-Leach-Bliley Act (GLBA) compliance requirements
  • Professional certifications such as CISSP, CISA, CISM, CRISC, or similar
  • Experience with security operations (SOC/NOC), log analysis, or incident response
  • Technical background with understanding of cloud infrastructure (AWS, Azure, GCP)
  • Experience in startup or high-growth SaaS environments
  • Familiarity with healthcare payer operations and self-funded health plans
  • Experience building Trust Centers or customer-facing security documentation
  • Knowledge of data privacy regulations (GDPR, CCPA, state privacy laws)

Nice to Have:

  • HITRUST certification experience
  • Experience with penetration testing coordination and vulnerability management
  • Scripting or automation skills (Python, Bash, PowerShell)
  • Understanding of medical claims processing and PHI data flows
  • Previous experience in healthcare compliance (health plan, provider, or healthcare IT)
  • Knowledge of PCI-DSS or other industry-specific compliance frameworks
  • Experience with business continuity and disaster recovery planning
  • Familiarity with Atlassian suite (Jira, Confluence) and Google Workspace

What Makes You Successful at ZERO


  • You believe compliance should enable business growth, not hinder it
  • You can translate regulatory requirements into practical, implementable controls without creating unnecessary bureaucracy
  • You're comfortable working across technical and non-technical teams, adapting your communication style appropriately
  • You're proactive about identifying risks and proposing solutions, not just flagging problems
  • You can balance "perfect compliance" with "good enough for now" based on risk and business context
  • You thrive in environments where you wear multiple hats and contribute beyond your core role
  • You view compliance as a team sport and can build buy-in across the organization
  • You treat sensitive healthcare data with the utmost care and understand the critical importance of privacy
  • You're detail-oriented without losing sight of the bigger picture
  • You're energized by building and improving systems, not just maintaining status quo
  • You can work independently with minimal oversight while knowing when to escalate or collaborate

Working at ZERO


This role offers the opportunity to:

  • Build and mature a compliance program at a high-growth healthcare technology company
  • Own end-to-end compliance frameworks from strategy through execution
  • Work directly with executive leadership on strategic security and compliance initiatives
  • Shape ZERO's security culture during a critical growth phase
  • Expand your technical security skills while leveraging your compliance expertise
  • Make direct impact on products that eliminate financial barriers to healthcare for thousands of members
  • Collaborate with a talented, mission-driven team across engineering, operations, and business functions
  • Grow your career as ZERO scales, with the potential to build and lead a compliance and security team

ZERO values direct communication, pragmatic problem-solving, and a culture where team members are empowered to take ownership and make decisions. As Compliance Manager, you'll be a key partner to leadership in protecting our members' data and maintaining the trust of our customers while enabling the business to move quickly and serve more people.

The position requires treating sensitive data according to established company policies and maintaining the highest standards of confidentiality and integrity. You must be able to pass a criminal background check.

Salary

$115,000 - $140,000 per year