Web Compliance Manager

Reporting to the Director of Digital Communications, the Website Compliance Manager will play a critical role in safeguarding and advancing the institution’s expansive digital presence, which supports both Cancer Research & Patient Care, and the Institute’s Philanthropic and Advancement efforts. This individual will be responsible for ensuring that all public-facing websites and mobile applications adhere to applicable laws, regulations, and institutional policies—including HIPAA, Privacy, Information Security, and Accessibility (WCAG/ADA).

By partnering with internal requestors, external vendors, and the Institute’s IS, Compliance and General Counsel, the Website Compliance Manager will establish compliance at the outset of new projects, maintain vigilance across existing platforms, and protect against risks related to the improper handling of Personally Identifiable Information (PII) and Protected Health Information (PHI).

This role directly supports the institution’s mission by ensuring that digital platforms used by patients, caregivers, researchers, and the broader public are secure, accessible, compliant, and trustworthy. By managing digital compliance, the Website Compliance Manager will protect the Institute’s reputation, reduce risk, and ensure equitable access to critical cancer care and research information.

Located in Boston and the surrounding communities, Dana‑Farber Cancer Institute is a leader in life‑changing breakthroughs in cancer research and patient care. We are united in our mission of conquering cancer, HIV/AIDS, and related diseases. We strive to create an inclusive, diverse, and equitable environment where we provide compassionate and comprehensive care to patients of all backgrounds, and design programs to promote public health particularly among high‑risk and underserved populations.

We conduct groundbreaking research that advances treatment, we educate tomorrow’s physicians/researchers, and we work with amazing partners, including other Harvard Medical School‑affiliated hospitals.

• Ensure all websites and mobile applications are compliant with HIPAA and other privacy regulations.
• Validate that no PII or PHI is improperly disclosed, collected, or transmitted to third parties.
• Oversee adherence to institutional Information Security protocols.
• Confirm that all sites meet established WCAG/ADA accessibility standards to ensure equal access for patients, caregivers, and researchers.
• Support the marketing brand team with Brand Requirements and Standards.

• Partner with internal requestors to evaluate and approve new website initiatives, ensuring they meet regulatory, security, accessibility, and brand compliance requirements before launch.
• Conduct annual compliance audits of all public-facing websites and applications, leveraging automated tools such as Silktide, Siteimprove, or equivalent platforms.
• Document audit results, provide clear recommendations, and work with site owners to implement necessary remediations.
• Develop and maintain policies, procedures, and checklists for ongoing website governance.

• Educate staff and stakeholders on digital compliance standards, requirements, and best practices.
• Serve as a key liaison between internal clients/vendors and the Institute’s Web Governance Committee—a cross‑functional body comprised of compliance SMEs including Information Security, Privacy Compliance, General Counsel and Research Integrity.
• Provide consultative support during vendor selection and contract reviews to ensure compliance requirements are met.

• Stay current with evolving regulations, standards, and best practices related to Privacy, Info Sec, Accessibility, and healthcare compliance.
• Proactively recommend improvements in monitoring, auditing, and governance processes.
• Track emerging risks and ensure the institution remains ahead of compliance obligations.

• Ability to independently troubleshoot and resolve issues.
• Experience with application monitoring tools such as One Trust, Silktide, Dynatrace, New Relic, Data Dog &…