Medicom Group

Compensation

Full Description

About the role Medicom is seeking an Information Security Program Manager to join our Compliance team and lead the company’s information security and regulatory compliance programs. As a healthcare data company, Medicom must meet the highest standards for data protection while supporting rapid product development and growth. In this role, you will own Medicom’s internal compliance programs and partner closely with Engineering and cross-functional leaders to ensure security and compliance are embedded into our products, systems, and processes. You will play a critical role in maintaining HIPAA compliance while preparing the organization for additional frameworks such as SOC 2, GDPR, and FedRAMP. What you'll do Own and lead Medicom’s internal compliance and security programs, ensuring ongoing adherence to HIPAA, HITRUST, GDPR, SOC 2, and other evolving regulatory frameworks and standards. Partner closely with the Engineering team to incorporate security and compliance requirements into product design, feature development, and system architecture. Develop, maintain, and clearly communicate to internal and external stakeholders Medicom’s information security program, including controls, risk areas, and known limitations. Lead preparation for new compliance certifications and readiness efforts (e.g., SOC 2 Type 2, GDPR certification, FedRAMP readiness). Serve as the primary coordinator for the Confidentiality & Security Team (CST), including agenda setting, monthly meetings, and executive-level reporting. Manage all aspects of SOC 2 audits, including coordination with third-party auditors and internal stakeholders. Act as a trusted internal advisor, providing guidance, education, and support on compliance and security-related topics across the organization. Monitor changes in relevant laws, regulations, and industry standards, recommending and implementing updates to internal policies and processes. Qualifications 8+ years of experience in compliance, information security, privacy, or risk management, preferably within healthcare, health tech, or SaaS environments. CISSP (Certified Information Systems Security Professional) certification strongly preferred or other advanced technical security certifications (e.g. Information Systems Security Architecture Professional, Information Systems Security Engineering Professional) Strong working knowledge of industry frameworks and federal, regional, and state regulations such as HIPAA, SOC 2, CCPA, and GDPR; experience with FedRAMP is a plus. Proven ability to interpret complex regulatory requirements and translate them into practical, actionable guidance. Experience leading external audits, certifications, or regulatory assessments. Excellent documentation, organizational, and program management skills. Strong written and verbal communication skills, with the ability to align cross-functional stakeholders. Comfortable working independently and proactively in a fast-paced, growing organization. Equal Opportunity Employer Statement Medicom Technologies is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. Reasonable Accommodation Notice If you require a reasonable accommodation in the application process, please contact careers@medicom.us to discuss your needs. Salary Starting at $130k