San Francisco, California, United States of America
Full Time
3 weeks ago
$125,000 - $158,700 USD
Visa Sponsor
Key skills
Cloud, Spring, SaaS, Jira, Leadership, Communication
About this role
Role Overview
Coordinate and mature the enterprise Business Continuity (BC), Disaster Recovery (DR), and Crisis Management programs, ensuring they are actionable, measurable, and aligned to business risk and member safety.
Serve as the central partner to Department BCP/DR Champions by providing templates, guidance, and "definitions of done" to ensure distributed execution across teams like Engineering, Clinical Operations, and Member Support.
Plan and lead cross-functional exercises, including tabletops, functional drills, and technical DR tests, while documenting success criteria and after-action reports.
Maintain the enterprise BCP/DR catalog for critical applications and business processes (tiering, ownership, dependencies, recovery objectives, artifact status, test history), incorporating updates surfaced by Champions and application owners.
Coordinate the Business Impact Analysis (BIA) and critical service mapping process to keep recovery priorities and minimum service levels aligned to real-world operational impact.
Maintain and test escalation paths, communication workflows, and stakeholder contact mechanisms to ensure alignment with broader incident response practices.
Consolidate findings from drills and incidents into an accountable backlog, driving follow-ups and escalating blockers through governance forums.
Produce leadership reporting on resilience posture (KPIs/KRIs, readiness heatmaps, top risks, testing outcomes, remediation aging), highlighting where Champions/teams need support or prioritization.
Support annual audit readiness for SOC 2 Type II, HITRUST, HIPAA, and ISO 27001 by maintaining control narratives and high-quality evidence discipline.
Contribute to customer assurance efforts, including drafting security questionnaire responses and conducting vendor due diligence or third-party risk monitoring.
Perform internal control testing, such as access reviews and artifact updates, while maintaining GRC tooling to ensure data is accurate and audit-ready.
Draft and maintain policies, procedures, and SOPs in alignment with established enterprise standards and regulatory frameworks.
Requirements
Bachelor’s degree (or equivalent experience) plus 5+ years in business continuity, disaster recovery, crisis management, technology risk, GRC, IT operations, or related program management, ideally in a regulated and/or healthcare-adjacent environment.
Demonstrated experience running enterprise-wide programs with distributed ownership, where success depends on enabling and coordinating “champions” or delegates across departments rather than doing all execution centrally.
Deep knowledge of BIA, dependency mapping, and RTO/RPO concepts, and how they translate into practical technical and operational runbooks.
Hands-on experience supporting audits or assessments aligned to SOC 2, HITRUST, HIPAA, GDPR, or ISO 27001.
Strong attention to detail with the ability to manage multiple workstreams, evidence collection, and remediation tracking simultaneously.
Nice to Have: CBCP/CBCI or ISO 22301 training; familiarity with cloud/SaaS resilience patterns; experience with GRC tools and Jira/Asana workflows.
Tech Stack
Cloud
Benefits
Health, Dental, Vision benefits start on your first day at Spring. You and your dependents also receive access to One Medical accounts. HSA and FSA plans are also available, with Spring contributing up to $1K for HSAs, depending on your plan type.
Employer sponsored 401(k) match of up to 2% for retirement planning.
A yearly allotment of no cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents.
We offer competitive paid time off policies including vacation, sick leave and company holidays.
At 6 months tenure with Spring, we offer parental leave of 18 weeks for birthing parents and 16 weeks for non-birthing parents.
Access to Noom, a weight management program based in psychology that’s tailored to your unique needs and goals.
Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses.
Access to Wellhub, which connects employees to the best options for fitness, mindfulness, nutrition, and sleep in one subscription.
Access to BrightHorizons, which provides sponsored child care, back-up care, and elder care.
Up to $1,000 Professional Development Reimbursement a year.
$200 per year donation matching to support your favorite causes.