Privacy and Compliance Lead

About VIMO:

What started as the “Expedia” of health insurance, has grown to a market leading company that is transforming government IT infrastructures with our proven SaaS and AI technology. Our innovative approach to health insurance shopping and enrollment has expanded beyond exchanges, and we’re now reinventing the way states administer safety net programs such as Medicaid, SNAP (food stamps), childcare, and unemployment insurance. With our cutting-edge technology, we’re helping agencies help more people, faster, and transform health care service delivery as we know it.

We are looking for a Privacy and Compliance Lead to join our VIMO team.

About The Role:

This role may involve access to sensitive, confidential, or regulated information. As a part of your role, you would be expected to handle such information responsibly and in accordance with the organization’s privacy, security, and data protection policies and procedures. Training specific to this role and the handling of sensitive, confidential, or regulated information is required.

By accepting this role, you acknowledge your responsibility to safeguard sensitive information, use company systems and data only for authorized business purposes, and adhere to established security practices including access control, data classification, and least-privilege principles. You are required to comply with all applicable company policies, legal, regulatory, and contractual requirements governing the protection and appropriate use of information.

To be successful in this role, you should possess extensive experience in Security framework knowledge, Health care industry requirements, and regulatory standards.  

Privacy & Compliance Lead Responsibilities: 

• Leading/Managing External Audits including MARSe, ARC-AMPE (NIST 800-53 rev5), SOC2 Type2, ISO27001, HITRUST 

• Assisting in audit activities – Interfacing with the Auditors, translating audit evidence requests to actual requirements and working with teams to collect and submit the evidence. 

• Leading development and execution of new compliance policies and procedures within the organization. 

• Conducting Gap Analysis between different frameworks and keeping up with changing compliance requirements and amendments to regulations. 

• Evaluating internal operational and procedural compliance. 

• Analyzing and updating existing compliance policies and related documentation. 

• Providing Privacy requirements to the engineering and business teams 

Compliance Analyst Requirements: 

• At least 6 years of experience leading/managing with Audits, governance, risk and compliance within Information Technology or Information Security. 

• Demonstrated leadership in managing audits and compliance across the organization 

• Knowledge working with CMS (Center of Medicaid and Medicare Services) Security frameworks like MARSe, ARC-AMPE.  

• In-depth knowledge of industry compliance requirements related and standards such as, NIST SP800-53, ISO, and SOC2 

• Bachelor’s degree in computer technology, computer security or audit. 

• Exceptional ability to formulate and write compliance policies, procedures, and related documentation. 

• Advanced analytical, problem solving and continuous improvement abilities. 

Skills Required:  

• Relevant Security certification (CISA, CISM, CISSP, CRISC) 

• Technical Writing  

• Bonus - Experience with Security tools, ability to understand architecture Diagrams 

• A strategic mindset with the ability to set long term achievable goals 

• Lean Six Sigma or AGILE knowledge a plus. 

Salary : $130,000 - $150,000