Senior Compliance Specialist II

Job Description

Our mission: to eliminate every barrier to mental health.

At Spring Health, we’re on a mission to revolutionize mental healthcare by removing every barrier that prevents people from getting the help they need, when they need it. Our clinically validated technology, Precision Mental Healthcare, empowers us to deliver the right care at the right time—whether it’s therapy, coaching, medication, or beyond—tailored to each individual’s needs.

We proudly partner with over 450 companies, from startups to multinational Fortune 500 corporations, as a leading provider of mental health service, providing care for 10 million people. Our clients include brands you use and know like Microsoft, Target, and Delta Airlines, all of whom trust us to deliver best-in-class outcomes for their employees globally. With our innovative platform, we’ve been able to generate a net positive ROI for employers and we are the only company in our category to earn external validation of net savings for customers.

We have raised capital from prominent investors including Generation Investment, Kinnevik, Tiger Global, Northzone, RRE Ventures, and many more. Thanks to their partnership and our latest Series E Funding, our current valuation has reached $3.3 billion. We’re just getting started—join us on our journey to make mental healthcare accessible to everyone, everywhere.

Reporting to the Sr Manager, IT Compliance, the Senior Compliance Specialist will assist with all matters relating to Information Security compliance including SOC 2 Type II, HITRUST, Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), ISO 27001, ISO 42001 and ITGC-SOX.This is a full time position that is fully remote.

What you’ll do:

Supporting the IT Compliance team with the following responsibilities, but not limited to:

• Own and strategically lead enterprise-level compliance programs, including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX, from planning through execution and continuous improvement.
• Define and mature ISO 27001 and ISO 42001 control environments and SOX 404 ITGCs, including risk assessment, control testing strategy, and remediation oversight.
• Serve as the primary point of accountability for audits and certifications, independently managing assessment strategy, scope definition, auditor relationships, executive-level communications, and remediation prioritization.
• Design and evolve compliance program frameworks, proactively identifying gaps, scaling controls to support business growth, and aligning compliance initiatives with Spring Health’s risk tolerance and strategic objectives.
• Act as a subject matter expert and internal consultant for engineering, product, IT, Legal, Privacy, and Security teams, advising on control design, risk tradeoffs, and audit interpretation.
• Lead complex risk assessments and translate technical, regulatory, and operational risk into clear, actionable recommendations for leadership.
• Drive maturity of the GRC program and tooling, establishing best practices, improving automation and reporting, and ensuring high-quality, audit-ready evidence across the organization.
• Mentor and guide more junior compliance team members, setting standards for quality, rigor, and professionalism across compliance deliverables.
• Lead customer assurance and external stakeholder engagements for high-stakes or complex inquiries, including enterprise customer calls, escalations, and detailed security questionnaires.
• Own and mature cross-functional programs such as Business Continuity & Disaster Recovery, third-party risk management, and security awareness training, ensuring alignment with industry best practices and regulatory expectations.
• Provide strategic insights and regular updates to leadership, including risk trends, audit readiness, compliance metrics, and recommendations for investment or prioritization.

What success looks like:

• Successful execution and continuous improvement of SOC 2, HITRUST, ISO ²⁷⁰⁰¹⁄₄₂₀₀₁, and SOX programs with minimal audit findings and efficient remediation cycles.
• Compliance programs that scale seamlessly with company growth and new product offerings.
• Strong cross‑functional partnerships, where compliance is viewed as a trusted advisor and enabler, not a blocker.
• Demonstrated improvements in compliance maturity, risk management effectiveness, and audit efficiency year over year.
• Recognition as a go‑to expert for complex compliance, risk, and regulatory matters.

What you’ll bring:

• Bachelor’s degree plus 7+ years of progressive experience in a GRC, IT compliance, security, risk, or related fields.
• Deep, hands‑on expertise with frameworks and regulations such as SOC 2, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and SOX ITGCs.
• Proven experience leading large‑scale audits and certification efforts end‑to‑end with minimal oversight.
• Strong ability to interpret regulatory requirements and translate them into pragmatic, scalable controls.
• Demonstrated track record of influencing cross‑functional stakeholders and driving outcomes without formal authority.
• Experience designing or significantly maturing Business Continuity & Disaster Recovery programs.
• Exceptional written and verbal communication skills, with the ability to engage effectively with both technical teams and executive leadership.
• Highly organized, proactive, and comfortable operating in ambiguity within a fast‑paced environment.

The target base salary range for this position is $147,800 - $164,000 and is part of a competitive total rewards package including equity and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually using Radford Global Compensation Database at minimum to ensure competitive and fair pay.

Benefits provided by Spring Health:

Note: We have even more benefits than listed here and below, your recruiter will provide more in-depth information as you continue in the interview process. Benefits are subject to individual plan requirements and eligibility criteria.

• Health, Dental, Vision benefits start on your first day at Spring. You and your dependents also receive access to One Medical accounts HSA and FSA plans are also available, with Spring contributing up to $1K for HSAs, depending on your plan type.
• Employer sponsored 401(k) match of up to 2% for retirement planning
• A yearly allotment of no cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents.
• We offer competitive paid time off policies including vacation, sick leave and company holidays.
• At 6 months tenure with Spring, we offer parental leave of 18 weeks for birthing parents and 16 weeks for non-birthing parents.
• Access to Noom , a weight management program—based in psychology, that’s tailored to your unique needs and goals.
• Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses.
• Access to Wellhub,  which connects employees to the best options for fitness, mindfulness, nutrition, and sleep in one subscription
• Access to BrightHorizons, which provides sponsored child care, back-up care, and elder care
• Up to $1,000 Professional Development Reimbursement a year.
• $200 per year donation matching to support your favorite causes.

Not sure if you meet every requirement? Research shows that women and people from historically underrepresented communities often hesitate to apply for roles unless they meet every qualification compared to other similarly-qualified candidates. At Spring Health, we are committed to fostering a workplace where everyone feels valued, empowered, and supported to Thrive. If this role excites you, we encourage you to apply.

Ready to do the most impactful work of your life? Learn more about our values, what it’s like to work here, and how hypergrowth meets impact at Spring Health: Our Values

Our privacy policy: https://springhealth.com/privacy-policy/

Spring Health is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex, marital status, ancestry, disability, genetic information, veteran status, gender identity or expression, sexual orientation, pregnancy, or other applicable legally protected characteristic. We also consider qualified applicants regardless of criminal histories, consistent with applicable legal requirements. Spring Health is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans. If you have a disability or special need that requires accommodation, please let us know.