Security Compliance Manager

Job Description

Job Description

At OneStudyTeam (a Reify Health company), we specialize in speeding up clinical trials and increasing the chance of new therapies being approved with the ultimate goal of improving patient outcomes. Our cloud-based platform, StudyTeam, brings research site workflows online and enables sites, sponsors, and other key stakeholders to work together more effectively. StudyTeam is trusted by the largest global biopharmaceutical companies, used in over 6,000 research sites, and is available in over 100 countries. Join us in our mission to advance clinical research and improve patient care.

One mission. One team. That's OneStudyTeam.

The Security Compliance Manager leads the organization's security compliance and assurance efforts—ensuring we meet and maintain certification requirements (e.g., ISO 27001, SOC 2) and always remain audit-ready. This role translates security control requirements into actionable work across teams, drives evidence collection and remediation, and strengthens risk management practices to enable growth in regulated environments.

• Lead security certification & audit readiness (ISO 27001 / SOC 2): Drive quarterly ISO control requirements, manage ISO surveillance audits, lead SOC 2 examination readiness, and oversee ongoing maintenance activities once achieved.
• Operate the ISMS controls program: Manage internal ISMS control reviews, coordinate remediation and corrective actions, and ensure controls remain effective and scalable as the organization changes.
• Evidence management & auditor response: Prepare for internal and external audits by organizing requests, gathering evidence, maintaining audit artifacts, and authoring clear, consistent responses to auditors.
• Risk management program execution: Recommend and implement improvements to the information security risk management program; develop and maintain the risk register, risk ownership, and workflows for tracking remediation plans to closure.
• Metrics, reporting, and stakeholder enablement: Partner with Security leadership to define and report KRIs/KPIs for the information security program; support consistent responses to customer security audits and questionnaires aligned to program commitments.
• Manage periodic reviews and updates of security policies and procedures to ensure alignment with certifications, business needs, and regulatory expectations.
• Partner with an outsourced/internal audit function to validate control performance and drive continuous improvement.
• Support cross-functional education and adoption of security requirements by translating compliance language into clear tasks, owners, and acceptance criteria.

• Required: Experience leading a successful ISO 27001 or SOC 2 certification effort.
• Required: 5+ years in a dedicated information security role in a regulated environment (e.g., HIPAA, GLBA, PCI).
• Preferred: Security certification such as CISA, CISM, CISSP (or similar).
• Demonstrated ability to lead ISO 27001 and/or SOC 2 certification efforts and ongoing maintenance activities.
• Strong competency in gap analysis and risk assessment methodologies; able to translate results into prioritized remediation plans.
• Working knowledge of security policy, procedure, and enforcement across key domains: access control, data classification, change management, asset management, BCDR, incident response, vulnerability management, secure SDLC, source control, endpoint protection.
• Ability to translate security/compliance requirements into actionable work for Engineering/IT/Operations (tickets, owners, acceptance criteria, evidence).
• Strong written and verbal communication—able to interface with all levels of the organization and produce high-quality audit-ready documentation.
• Technical foundation sufficient to understand high-level concepts related to public cloud (AWS/GCP/Azure), Agile SDLC, CI/CD, VPNs, and modern web applications.
• This role requires 100% of work to be performed in a remote office environment and requires the ability to use keyboards and other computer equipment.
• This is a remote position with less than 10% travel requirements. Occasional planned travel may be required as part of the role.

The expected salary range for this role is $140,000 - $170,000 USD per year for full time team members.

We value diversity and believe the unique contributions each of us brings drives our success. We do not discriminate on the basis of race, sex, religion, color, national origin, gender identity, age, marital status, veteran status, or disability status.

Note : OneStudyTeam is unable to sponsor work visas at this time. If you are a non-U.S. resident applicant, please note that OneStudyTeam works with a Professional Employer Organization.

As a condition of employment, you will abide by all organizational security and privacy policies.

This organization participates in E-Verify (E-Verify's Right to Work guidance can be found here).

Mandatory Employer Disclosures:
Notice to Illinois applicants: Applicants are not obligated to disclose expunged juvenile records or adjudication, arrest, or conviction.
Notice to Connecticut applicants: OneStudyTeam may require applicants to submit to a urinalysis drug test in connection with an application for employment.
Notice to Arizona, Georgia, Indiana, and North Dakota applicants: OneStudyTeam complies with applicable laws prohibiting smoking in and around places of employment.
Notice to Massachusetts applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Notice to Rhode Island applicants: OneStudyTeam complies with Rhode Island law prohibiting smoking in enclosed areas within places of employment. OneStudyTeam is also subject to is subject to Chapters 29–38 of Title 28 of the Rhode Island General Laws.
Notice to Maryland applicants: UNDER MARYLAND LAW, AN EMPLOYER MAY NOT REQUIRE OR DEMAND, AS A CONDITION OF EMPLOYMENT, PROSPECTIVE EMPLOYMENT, OR CONTINUED EMPLOYMENT, THAT AN INDIVIDUAL SUBMIT TO OR TAKE A LIE DETECTOR OR SIMILAR TEST. AN EMPLOYER WHO VIOLATES THIS LAW IS GUILTY OF A MISDEMEANOR AND SUBJECT TO A FINE NOT EXCEEDING $100.