Security & Compliance Manager

About TALON

As the industry pioneer in transparent healthcare pricing, we are experts in leveraging price transparency and consumer-centric principles to produce optimal outcomes. We've built the ultimate suite of software services designed to protect healthcare consumers from overpaying for care. Our innovative tools deliver a market-driven healthcare system, empowering consumers to make smart decisions and control their financial and physical well-being.

Recognized for rapid growth and industry leadership, TALON ranked #4 on the Boston Globe's "New England's 50 fastest-growing companies" and earned placement on the Inc. 5000 list in 2024 and 2025.

This position is fully on-site, in a fast-paced environment that requires initiative, flexibility and strong collaboration.

Please note: Remote or hybrid work options are not available for this role.


Position Overview

TALON is seeking a Security & Compliance Manager to lead the company's information security, compliance, and internal IT governance programs. This role will be responsible for maintaining and strengthening TALON's SOC 2 security framework, HIPAA compliance program, anti-money laundering (AML) and financial risk oversight, and internal security controls, while supporting the company's growing technology and regulatory requirements.

This is a hands-on leadership role that combines security governance, compliance oversight, and operational IT security management.

The Security & Compliance Manager will report to the Chief Technology Officer for operational strategy with a functional dotted line to the Board of Directors. They will work closely with engineering, operations, and leadership to ensure TALON maintains a strong security posture and regulatory compliance.

Key Responsibilities

Security & Risk Management

• Lead TALON's information security program
• Monitor and improve the organization's security controls, processes, and policies
• Manage security incident response planning and procedures
• Oversee vulnerability management and security monitoring
• Conduct periodic security risk assessments
• Partner with engineering to support secure development and infrastructure practices

Compliance & Governance

• Own and maintain TALON's SOC 2 compliance program
• Coordinate with external auditors during annual SOC 2 assessments
• Maintain and update security policies, procedures, and internal controls
• Manage HIPAA security and privacy compliance
• Support vendor risk management and third-party security reviews
• Respond to client security questionnaires and due diligence requests

Internal IT Security & Infrastructure

• Oversee and maintain TALON's internal IT security environment to ensure secure operations across company systems and networks
• Manage identity and access management processes
• Perform regular access reviews and privilege management
• Maintain secure employee onboarding and offboarding procedures
• Oversee endpoint security and device management
• Manage and maintain internal network security infrastructure, including:
  • Firewall configuration and monitoring
  • SFTP endpoints
  • Office Wi-Fi security
  • VPN access controls for remote connectivity
  • Network access policies and security monitoring
• Ensure appropriate logging, monitoring, and system security controls are in place

AML & Financial Risk Oversight

• Oversee TALON's anti-money laundering (AML) and financial risk oversight related to the company's healthcare rewards program
• Maintain AML policies and escalation procedures
• Coordinate with financial institutions and vendors responsible for payment processing
• Support sanctions screening and fraud risk monitoring processes

Security Awareness & Training

• Maintain TALON's security awareness and training program
• Educate employees on security best practices and compliance requirements
• Promote a culture of security awareness across the organization

Qualifications

Required Experience

• 5+ years of experience in information security, compliance, or governance roles
• Experience managing SOC 2 compliance programs
• Familiarity with HIPAA security and privacy requirements
• Experience working in technology, SaaS, or healthcare technology environments
• Understanding of security frameworks such as SOC 2, NIST, or ISO 27001
• Experience working with engineering teams on security controls

Preferred Experience

• Experience serving as a security or compliance lead in a growing technology company
• Familiarity with cloud infrastructure security (AWS preferred)
• Experience supporting healthcare data environments
• Experience with vendor risk management programs
• Experience supporting security audits and regulatory reviews

Key Attributes

Successful candidates will demonstrate:

• Strong organizational and program management skills
• Ability to translate regulatory requirements into practical security controls
• Strong communication skills across technical and non-technical teams
• Comfort operating in a hands-on, fast-growing company environment