Compliance & Risk Manager

Join to apply for the Compliance & Risk Manager role at Thoughtful AI

1 day ago Be among the first 25 applicants

Join to apply for the Compliance & Risk Manager role at Thoughtful AI

Join Our Mission to Revolutionize Healthcare

Smarter Technologies is redefining how healthcare organizations leverage automation and AI to improve efficiency, compliance, and patient outcomes. Our advanced AI-powered Revenue Cycle Automation platform enables providers to streamline and enhance their core business operations.

We're looking for an exceptional Compliance and Risk Manager to lead our enterprise-wide compliance and risk management programs.

As the Compliance and Risk Manager at Smarter Technologies, you will develop, implement, and oversee a comprehensive compliance program that ensures adherence to HIPAA, HITRUST, SOC 2, NIST, ISO 27001, and other relevant regulations and frameworks. This is a senior leadership role responsible for driving risk mitigation strategies, guiding cross-functional teams on compliance best practices, and ensuring we maintain the trust of our customers, partners, and regulators.

As our Compliance and Risk Manager, you will lead with visionary insight at the nexus of compliance, risk, and cutting-edge AI in healthcare. You'll craft governance frameworks that harmonize innovation with ethical accountability, mastering challenges like PHI protection in AI-driven environments. By pioneering transparent, bias-free algorithms and robust data privacy practices, you'll surpass regulatory standards while fueling business growth. Proactively shaping our response to emerging AI governance trends, you'll establish Smarter Technologies as a beacon of trust in responsible AI adoption.

Your strategic leadership will redefine compliance as a dynamic catalyst, building stakeholder confidence and accelerating innovation in a highly regulated landscape.

Key Responsibilities

• Design and lead a dynamic, company-wide compliance program aligned with HIPAA, HITRUST, SOC 2, NIST, ISO 27001, and emerging AI governance standards, ensuring ethical and innovative PHI management.
• Conduct comprehensive risk assessments, mitigating compliance, operational, and AI-specific risks like bias, explainability, and PHI re-identification, in line with HIPAA and HHS AI guidelines.
• Oversee internal and external audits, driving timely remediation and maintaining audit readiness with minimal findings.
• Develop and harmonize policies, procedures, and controls across business units, embedding AI ethics and de-identification protocols to prevent ePHI exposure in AI-driven processes.
• Act as the primary liaison with regulators, auditors, and assessors, fostering trust and alignment on compliance priorities.
• Guide and train teams on compliance best practices, emphasizing AI governance and AMA Principles for Augmented Intelligence.
• Report compliance status, risks, and metrics to senior leadership and the board, translating complex requirements into strategic insights.
• Proactively adapt programs to evolving laws, regulations, and industry standards, positioning compliance as a competitive advantage.

• A compliance program exceeding HIPAA, HITRUST, SOC 2, NIST, ISO 27001, and AI governance standards, driving innovation while securing PHI.
• Unified compliance practices across all business units, enforcing AI ethics and PHI de-identification to ensure trust and efficiency.
• Audit readiness with zero material findings, delivering immediate remediation in a high-growth startup environment.
• Cross-functional alignment that embeds compliance in AI-driven solutions, enabling rapid scalability.
• A culture where compliance accelerates innovation, establishing the startup as a leader in trusted healthcare technology.

• 10+ years of experience in compliance, risk management, or information security, with a focus on regulated environments
• Proven experience building and leading compliance programs that align with HIPAA, HITRUST, SOC 2, NIST, and ISO 27001
• Strong track record managing internal and external audits
• Experience collaborating with regulators and third-party auditors
• Excellent written and verbal communication skills with the ability to translate complex regulations into clear operational requirements
• Strong leadership and influencing skills, with experience driving change across diverse teams
• Bachelor's degree in law, business administration, information security, or a related field; advanced degree or relevant certifications (CCEP, CISA, CISM, CISSP) preferred

• Led compliance in high-growth healthcare or tech startups, securing AI and PHI operations.
• Built compliance into Dev Ops, cloud, and AI platforms, delivering secure, scalable systems.
• Mastered AI governance and healthcare tech regulations

• Competitive compensation
• Equity participation:
  Employee Stock Options
• Health benefits:
  
  Comprehensive medical, dental, and vision insurance
• Time off:
  Generous leave policies and paid company holidays