Medicom Group

Director of Legal, Risk & Compliance

full-time

Location Type: Remote

Location: United States

Salary

💰 $150,000 - $180,000 per year

About the role

  • Own and lead Medicom’s information security and compliance programs, ensuring adherence to HIPAA, HITRUST, SOC 2, GDPR, and evolving regulatory standards.
  • Define, document, and continuously improve the company’s security control framework and risk management processes.
  • Serve as leadership sponsor for SOC 2 audits and other certification efforts, coordinating with third-party auditors and internal stakeholders.
  • Prepare the organization for advanced frameworks and certifications, including FedRAMP readiness.
  • Serve as chair of the Confidentiality & Security Team (CST), including meeting leadership and agenda setting.
  • Review and assess customer MSAs, BAAs, and ISAs to ensure alignment with Medicom’s security controls and compliance posture.
  • Partner with Sales and Legal during enterprise negotiations to balance commercial objectives with risk mitigation.
  • Ensure ongoing compliance with contractual obligations, federal and state regulations, and customer procurement policies.
  • Coordinate with external counsel as appropriate regarding legal contracts and compliance matters.
  • Partner closely with Engineering to embed security and compliance requirements into product design and architecture.
  • Act as a trusted advisor across the organization on security, compliance, and risk-related matters.

Requirements

  • 8–12+ years of experience in information security, governance, compliance, and legal within healthcare, health tech, or SaaS environments.
  • CISSP strongly preferred (or equivalent advanced security certification).
  • Deep working knowledge of HIPAA, SOC 2, HITRUST, GDPR, CCPA; FedRAMP experience strongly preferred.
  • Experience leading audits, certifications, and regulatory assessments.
  • Demonstrated experience reviewing and negotiating contractual language (MSAs, BAAs, DPAs, ISAs).
  • Strong communication skills and ability to influence cross-functional stakeholders.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
information security, compliance, risk management, security control framework, audits, regulatory assessments, contractual language review, negotiation, product design security, architecture security

Soft Skills
leadership, communication, influence, cross-functional collaboration, agenda setting, trusted advisor

Certifications
CISSP, advanced security certification