Senior Manager of Security and Compliance

Verana Health

Legal
Remote
Posted on Saturday, June 15, 2024

Verana Health, a digital health company that delivers quality drug lifecycle and medical practice insights from an exclusive real-world data network, recently secured a $150 million Series E led by Johnson & Johnson Innovation – JJDC, Inc. (JJDC) and Novo Growth, the growth-stage investment arm of Novo Holdings.

Existing Verana Health investors GV (formerly Google Ventures), Casdin Capital, and Brook Byers also joined the round, as well as notable new investors, including the Merck Global Health Innovation Fund, THVC, and Breyer Capital.

We are driven to create quality real-world data in ophthalmology, neurology and urology to accelerate quality insights across the drug lifecycle and within medical practices. Additionally, we are driven to advance the quality of care and quality of life for patients. DRIVE defines our internal purpose and is the galvanizing force that helps ground us in a shared corporate culture. DRIVE is: Diversity, Responsibility, Integrity, Voice-of-Customer and End-Results. Click here to read more about our culture and values.

Our headquarters are located in San Francisco and we have additional offices in Knoxville, TN and New York City with employees working remotely in AZ, CA, CO, CT, FL, GA, IL, LA, MA, NC, NJ, NY, OH, OR, PA, TN, TX, UT, VA, WA, WI. All employees are required to have permanent residency in one of these states. Candidates who are willing to relocate are also encouraged to apply.

*Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.

Job Title: Sr. Manager of Compliance

Reporting directly to the Vice President of Security and Compliance for Verana Health, the Sr. Manager of Compliance will lead the operational aspects of Verana's Compliance program including, but not limited to, policies, education, auditing, risk assessments, investigations, ongoing monitoring, and regulatory review, and will develop and enforce Information Security policies, procedures, and standards. This role will be responsible for promoting Verana’s culture of compliance through collaboration and partnership between and across Verana’s business units and providing visibility into Verana’s overall risk posture. The Sr. Manager of Compliance shares accountability in the planning, design, implementation and maintenance of system-wide enterprise compliance programs and associated policies and procedures. Additionally, this position will collaborate with cross-functional teams including Quantitative Sciences, Product, and Engineering to implement controls, monitor them, and handle reporting and auditing functions related to supporting Information Security and Operational Compliance objectives.

Key Responsibilities:

  • Implement a new operating model to drive greater operational support at all entities served and provide recommendations and solutions through creativity, always seeking continuous improvement, initiating breakthroughs and working to resolve issues/barriers.
  • Help define the Compliance Mission & Vision and promote it across Verana.
  • Influence executives, leaders, business units, and compliance teams on compliant practices and ethical behavior, initiating breakthroughs and working to resolve issues/barriers.
  • Ensure that the compliance program is designed in a manner consistent with the Office of Inspector General’s guidelines and other published materials concerning effective compliance programs.
  • Effectively make timely decisions focused on performance and results, focusing on imperatives/projects and processes that are designed to provide the maximum quality/security/integrity for Verana customers.
  • Coordinate with General Counsel to monitor changes in the regulatory environment, serve as the compliance SME regarding State and Federal laws and regulations, and communicate across Engineering, Product, QS and Security teams to ensure alignment.
  • Work closely with Verana leadership, operational staff, General Counsel, and other stakeholders to identify and mitigate risk and potential areas of non-compliance.
  • Actively participate in the annual risk assessment and lead the development of the annual Compliance Workplan.
  • Monitor adherence to regulations, policies, and procedures, identify potential risk areas, and conduct routine audits in alignment with HITRUST.
  • Support entity leadership in assessing compliance risk related to new services, new products or new locations.
  • Drive awareness of compliance matters and decision-making through the Risk and Compliance Committee.
  • Coordinate with various departments, such as Legal, Human Resources, Operations and other departments as required, to develop and deliver appropriate annual compliance training, as well as ongoing training on compliance related topics.
  • Manage Verana’s Vendor Risk Management (VRM) processes and support security and compliance risk assessments.
  • Coordinate and/or respond to requests from Verana Compliance Leadership, which may include board report preparation, review and investigation of select topics, audit requests, periodic surveys, serving on committees, assisting with the annual Work Plan, education and training, and other initiatives.
  • Work collaboratively with team members across the organization.
  • Lead cross-functional teams in the creation, implementation, and routine maintenance of Verana’s and/or our client's Quality Management System (QMS).
  • Plan, execute, and manage investigations, engaging other Verana subject matter experts and consulting with VP of Security & Compliance and legal counsel as needed to effectively manage timely and thorough reviews, maintain appropriate documentation, provide periodic updates to leadership that include potential risk, escalating as appropriate.
  • Support the design and implementation of corrective actions, in conjunction with operations and other leaders, for investigations and other issues generated by the compliance program.
  • Oversee execution of annual Compliance Work Plan.
  • Maintain security and compliance certifications: HITRUST, ONC, ISO9001, etc.
  • Proactively assess compliance risks for Verana, collaborate and communicate effectively with operational stakeholders, identify approaches to mitigate or monitor risks, develop compliance performance metrics, participate in the development of Verana Board reporting for compliance, and recommend strategies to achieve and sustain an effective compliance program aligned to Verana Compliance goals.

Basic Requirements:

  • Prefer knowledge of pertinent compliance regulatory requirements and compliance program elements, including demonstrated understanding of OIG Compliance Guidelines, coding and billing compliance principles, fraud, waste, and abuse (e.g. Stark Law, Anti-Kickback Statute), CMS Conditions of Participation and Conditions of Payment, and working knowledge of federal and state privacy laws.
  • Bachelor’s degree.
  • 7+ years of progressive IT Security and Compliance experience in healthcare or pharmaceutical settings dealing with health data (PHI).
  • AWS security experience a plus.
  • 5+ years of people management experience.
  • CISA, CISSP, HCCA, or CIA or other industry security/compliance certification.
  • Familiarity with ISO9001 Compliant Quality Management System Processes (QMS) in a big data application development environment.
  • 7+ years of audit, risk, and compliance background, with demonstrated proficiency in CSF and Regulatory Frameworks including NIST, ONC, HITRUST, HIPAA, CCPA, GDPR.
  • Experience in responding to, analyzing, and communicating information security incidents.
  • Background in working with Health Tech Startups
  • Strong Health Data management background is desirable.

Benefits:

  • We provide health, vision, and dental coverage for employees
    • For our PPO plans, Verana pays 100% of employee insurance coverage and 90% of family
    • For our HDHP plans, Verana offers additional monthly $100 individual/$200 HSA contribution
  • 401k Match - 3% match paid year end, up to $1000/year
  • A generous parental leave policy and family building support through the Cleo Family
  • Flexible vacation plans
  • $700 Learning & Wellness stipend
  • $25/wk in Doordash credit
  • Spring Health mental health support

Final note:

You do not need to match every listed expectation to apply for this position. Here at Verana, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.

Verana Health is committed to complying with all applicable pay transparency laws and supports equitable pay practices. We pay based on a market-based approach, supported with robust data and in alignment with the compensation of our existing team. We construct our compensation ranges based on the US national average but your pay may vary depending on your location and the cost of living index for that geographic area. In determining an offer, base salary will also be based on experience, qualifications, skills and market conditions.

Please note pay ranges for major metropolitan areas may be different.
National Pay Range
$145,000 – $180,000 USD