Security and Compliance Manager
TALON · Portsmouth, NH · 1 mo ago
On-siteInformation TechnologyFull-time
Key Responsibilities
- Lead TALON’s information security program
- Maintain and improve the organization’s security controls, processes, and policies
- Manage security incident response planning and procedures
- Oversee vulnerability management and security monitoring
- Conduct periodic security risk assessments
- Partner with engineering to support secure development and infrastructure practices
- Own and maintain TALON’s SOC 2 compliance program
- Coordinate with external auditors during annual SOC 2 assessments
- Maintain and update security policies, procedures, and internal controls
- Support vendor risk management and third-party security reviews
- Respond to client security questionnaires and due diligence requests
- Oversee and maintain TALON’s internal IT security environment
- Manage identity and access management processes
- Perform regular access reviews and privilege management
- Maintain secure employee onboarding and offboarding procedures
- Oversee endpoint security and device management
- Manage and maintain internal network security infrastructure
- Ensure appropriate logging, monitoring, and system security controls are in place
- Oversee AML & Financial Risk Oversight
- Oversee TALON’s anti-money laundering (AML) and financial risk oversight related to the company’s healthcare rewards program
- Maintain AML policies and escalation procedures
- Coordinate with financial institutions and vendors responsible for payment processing
- Support sanctions screening and fraud risk monitoring processes
- Security Awareness & Training
- Maintain TALON’s security awareness and training program
- Education employees on security best practices and compliance requirements
- Promote a culture of security awareness across the organization
Qualifications
- 5+ years of experience in information security, compliance, or governance roles
- Experience managing SOC 2 compliance programs
- Familiarity with HIPAA security and privacy requirements
- Experience working in technology, SaaS, or healthcare technology environments
- Understanding of security frameworks such as SOC 2, NIST, or ISO 27001
- Experience working with engineering teams on security controls
- Preferred: Experience serving as a security or compliance lead in a growing technology company
- Preferred: Familiarity with cloud infrastructure security (AWS preferred)
- Preferred: Experience supporting healthcare data environments
- Preferred: Experience with vendor risk management programs
- Preferred: Experience supporting security audits and regulatory reviews