S

Senior Compliance Specialist II

Spring Health
3 hours ago
Remote friendly (Remote)
Worldwide

Our mission: eliminating every barrier to mental health.

Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. We're building a world where getting support is simple, personal, and built around the person, so care can continue through every job, move, health plan, and life stage.

Our AI-native platform helps us deliver personalized support across self-guided tools, coaching, therapy, medication management, and specialty care. With outcomes independently validated by JAMA Network Open and the Validation Institute, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.

As an AI-native company, we believe technology should expand the reach, quality, and humanity of care. Every Spring Health team member is expected to use AI tools thoughtfully, apply human judgment to AI outputs, and keep building AI fluency in ways that support their role and our mission.

Reporting to the Sr Manager, IT Compliance, this Senior Compliance Specialist II joins Spring Health at a pivotal moment: the active integration of Alma, a recently acquired organization, into a unified compliance program. In the near term, this role will focus on learning Alma’s GRC tools and control environment, mapping them against Spring Health’s existing frameworks, and helping build a consolidated compliance organization. Longer term, this person will own and lead enterprise compliance programs across SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX. This is a full time position that is fully remote. Travel is limited. 

What you’ll do: 

Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration effort, building a working understanding of Alma's GRC architecture, tooling, vendor relationships, and audit history.Map Alma's existing control environment against Spring Health's compliance frameworks, identifying gaps, redundancies, and opportunities for harmonization.Partner with engineering, IT, security, and legal stakeholders across both organizations to facilitate a structured transition of compliance obligations, evidence, and tooling into a unified program.Own and strategically lead enterprise-level compliance programs, including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX, from planning through execution and continuous improvement.Develop deep technical knowledge of Spring and Alma product architecture and the unified roadmap to confidently lead customer assurance efforts and external and internal stakeholder engagements including enterprise calls, escalations, and complex security questionnaires.Lead complex risk assessments and translate technical, regulatory, and operational risk into clear, actionable recommendations for leadership.Lead the development and operationalization of an AI governance program, establishing policies, risk frameworks, and control standards that address the unique compliance and ethical considerations of AI and ML systems.Build and maintain AI-specific compliance documentation including AI use registers, model risk assessments, and governance procedures aligned to regulatory expectations.Conduct compliance vendor reviews with a particular focus on AI vendors, assessing data handling practices, model governance, regulatory alignment, and contractual compliance obligations.Technical AI skills and abilities to build and integrate AI into team workflows in a structured way, such as building AI-assisted playbooks for evidence collection & review, audit prep, and risk assessment documentation, customer assurance. Evaluate new AI tools and techniques relevant to compliance and GRC work; share learnings with the team and model disciplined adoption.

What success looks like: 

Smooth execution of the Alma compliance integration, with a documented control mapping, unified tooling plan, and clear transition milestones delivered to leadership.Strong working relationships established across both the Alma and Spring Health compliance functions, with a shared understanding of processes, tools, and priorities.A clear path to a unified compliance organization. Gaps identified, redundancies resolved, and a roadmap in place for a consolidated program.A functioning internal AI governance program with foundational policies, risk assessments, and controls in place for key AI systems.Successful execution and continuous improvement of SOC 2, HITRUST, ISO 27001/42001, and SOX programs with minimal audit findings and efficient remediation cycles.Strong cross‑functional partnerships, where compliance is viewed as a trusted advisor and enabler, not a blocker.

What you’ll bring:

  • Bachelor’s degree plus 7+ years of progressive experience in a GRC, IT compliance, security, risk, or related fields.
  • Experience building or contributing to an AI governance program, including familiarity with AI risk frameworks, model risk assessment, and translating AI-related regulatory requirements into operational controls.
  • Strong technical foundation for mapping complex product architecture to compliance requirements, including certifications and customer obligations, and driving independent stakeholder discussions
  • Deep, hands‑on expertise with frameworks and regulations such as SOC 2, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and SOX ITGCs.
  • Proven experience leading large‑scale audits and certification efforts end‑to‑end with minimal oversight.
  • Strong ability to interpret regulatory requirements and translate them into pragmatic, scalable controls.
  • Demonstrated track record of influencing cross‑functional stakeholders and driving outcomes without formal authority.
  • Exceptional written and verbal communication skills, with the ability to engage effectively with both technical teams and executive leadership.
  • Highly organized, proactive, and comfortable operating in ambiguity within a fast‑paced environment.

The target base salary range for this position is $147,800 - $164,000, and is part of a competitive total rewards package including equity and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually using Radford Global Compensation Database at minimum to ensure competitive and fair pay. 

Benefits provided by Spring Health:

Note: We have even more benefits than listed here and below, your recruiter will provide more in-depth information as you continue in the interview process. Benefits are subject to individual plan requirements and eligibility criteria.

  • Health, Dental, Vision benefits start on your first day at Spring. You and your dependents also receive access to One Medical accounts HSA and FSA plans are also available, with Spring contributing up to $1K for HSAs, depending on your plan type.
  • Employer sponsored 401(k) match of up to 2% for retirement planning
  • A yearly allotment of no cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents.
  • We offer competitive paid time off policies including vacation, sick leave and company holidays.
  • At 6 months tenure with Spring, we offer parental leave of 18 weeks for birthing parents and 16 weeks for non-birthing parents.
  • Access to Noom, a weight management program—based in psychology, that’s tailored to your unique needs and goals. 
  • Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses.
  • Access to Wellhub,  which connects employees to the best options for fitness, mindfulness, nutrition, and sleep in one subscription
  • Access to BrightHorizons, which provides sponsored child care, back-up care, and elder care
  • Up to $1,000 Professional Development Reimbursement a year.
  • $200 per year donation matching to support your favorite causes.

Not sure if you meet every requirement? Research shows that women and people from historically underrepresented communities often hesitate to apply for roles unless they meet every qualification compared to other similarly-qualified candidates. At Spring Health, we are committed to fostering a workplace where everyone feels valued, empowered, and supported to Thrive. If this role excites you, we encourage you to apply.

Our privacy policy: https://springhealth.com/privacy-policy/

Spring Health is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex, marital status, ancestry, disability, genetic information, veteran status, gender identity or expression, sexual orientation, pregnancy, or other applicable legally protected characteristic. We also consider qualified applicants regardless of criminal histories, consistent with applicable legal requirements. Spring Health is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans. If you have a disability or special need that requires accommodation, please let us know.