    Compliance Operations Administrator

    Type of work: Full-time
    Experience: Mid
    Employment type: B2B, Mandate
    Operating mode: Remote

    Tech stack

    • English: B2
    • Analytical Thinking: advanced
    • Problem Solving: advanced
    • Risk Management: regular
    • Information Security: regular
    • IT Security: regular

    Job description

    HTD Health is a health technology consultancy on a mission to imagine, design, and build a healthier world. We partner with innovative healthcare organizations, from startups to Fortune 500 companies, to transform patient care and provider experiences. Our expert team supports clients across the entire digital product life cycle: technology strategy and roadmap planning, product discovery and user research, UX/UI design, web and mobile development, and organizational intelligence. Operating globally, with headquarters in New York, NY, Buenos Aires, Argentina and Lodz, Poland, we foster a collaborative, innovation-driven culture where strong technical team members can learn, thrive, and advance their careers.

    Currently, we have an excellent opportunity for an ambitious Compliance Operations Administrator to join our growing HTD Health team!

    What we need from you:

    • At least 3 years of experience in information security, compliance, or IT governance
    • Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or equivalent
    • Strong knowledge of information security frameworks and standards
    • Experience with security tools and technologies
    • Communicative level of English: you feel okay speaking about technical things in English
    • Developed interpersonal skills
    • Strong analytical and problem-solving abilities
    • Proactivity and willingness to constantly develop and improve processes
    • Reliability, creativity, and independence

    Key responsibilities:

    • Compliance Management: Oversee and maintain compliance with legal frameworks (e.g., HIPAA, GDPR) and certifications (e.g., SOC 2, ISO 27001). Develop and implement security policies, procedures, and standards. Maintain a compliance dashboard and documentation systems for all compliance activities.
    • Audit and Assessment: Conduct company-wide security assessments and project-specific audits, focusing on data residency and cross-border data transfers. Perform Jamf, Jamf Protect, and Google Workspace audits to ensure device encryption, patch management, and account security.
    • Security Controls Management: Collaborate with delivery managers to implement and document security controls, including access controls, MFA enforcement, vulnerability scanning, and static code analysis. Oversee remediation of vulnerabilities based on risk tolerance.
    • Training and Awareness: Develop and deliver security training programs, including company-wide awareness and role-specific training (e.g., secure coding for developers). Foster a culture of security mindfulness.
    • Risk Management: Perform security reviews for third-party vendors and monitor risks related to external dependencies. Ensure adherence to data privacy regulations in collaboration with legal and compliance teams.
    • Incident Response: Develop, test, and maintain the incident response plan. Support the IT-Sec Team Manager during security breaches and document lessons learned to improve security posture.
    • Metrics and Reporting: Develop metrics to track security control effectiveness. Generate regular security reports and present status updates to leadership.

     

    What you can expect from us

    • Salary depending on your skills and experience
    • 20 paid days off (B2B)
    • Work with the best tools available
    • Flexible working hours
    • Hybrid work model
    • Personal educational budget: conferences, courses, workshops, and more
    • Individual career path and continuous evaluation of your development
    • Private medical care
    • Multisport Plus member card or cinema card
    • All necessary equipment such as MacBook Air, additional monitor and accessories
    • A+ office in Warsaw or Lodz that includes coworking space with spots where you can crash with your laptop, open kitchen, standing desks, teleconference equipment, etc.

     

    Undisclosed Salary
