Function Health

Security Program Manager

Posted 6 Days Ago
Remote
Hiring Remotely in Canada
Mid level
The Security Program Manager will oversee compliance operations, support audit readiness, and manage regulatory frameworks while collaborating with teams to ensure security and privacy compliance.
The summary above was generated by AI
Company Overview:
Function Health is the AI operating system for health, designed to empower people to live 100 healthy years. We are redefining how individuals understand, measure, and improve their health by moving beyond reactive care and enabling proactive, data-driven insight into human biology. Function has been recognized as one of Fast Company’s Most Innovative Companies of 2024, and is venture-backed by Andreessen Horowitz (a16z). Hundreds of thousands of members have joined Function to take control of their health. 

Through advanced diagnostics, deep biomarker testing, longitudinal data, and AI-enabled insights, Function equips members with actionable intelligence to take control of both the quality and length of their lives.
Function recently announced a $298M Series B and is entering its next chapter of growth. As we scale, the quality and durability of our People systems, data, and insights will directly shape our ability to attract, retain, and support exceptional talent.

We are growing our team and seeking out world-class talent that deeply believes in our mission to positively impact global health, has a relentless bias toward action, and a growth mindset. Function fosters a collaborative and dynamic environment where every day we build the future.

Role:
Function Health is building a lean, automation-first compliance program that is agile enough to adapt to both security and privacy requirements. From SOC 2 and HIPAA to CCPA and beyond, the program must be ready to respond to whatever the task demands. This requires an individual who can see the totality of the problem and not just a piece of it.

As a Security Program Manager, you'll support and execute our compliance operations, partner with cross-functional teams to enable compliant product growth and unblock business deals, and help ensure our controls and policies scale with the business.

This role is hands-on and impact-driven: you'll be a key contributor to audit readiness, run day-to-day compliance and privacy operations, and help Function meet the trust expectations of our members, partners, and regulators.

Key Responsibilities: 
  • Execute SOC 2 Type II and HIPAA compliance operations, including evidence collection, control testing, and audit readiness.
  • Coordinate audit activities with auditors, external assessors, and internal stakeholders under the direction of compliance leadership.
  • Maintain and update a unified control framework that maps SOC 2, HIPAA, and future frameworks (e.g., HITRUST).
  • Drive vendor and third-party risk management, including onboarding reviews, risk assessments, and BAA/DPA tracking.
  • Understand privacy obligations (HIPAA Privacy Rule, GDPR, state laws) and design solutions with a privacy-first focus.
  • Partner with Sales and Legal to support business deals, including security questionnaires and contractual agreements.
  • Execute quarterly compliance rituals: access reviews, risk register updates, policy acknowledgments, and training compliance.
  • Translate regulatory requirements into engineer-friendly tickets, policy updates, and compliance summaries.
  • Identify and implement opportunities for automation in compliance workflows (evidence collection, access certifications, vendor reviews).
  • Coordinate privacy operations, including data retention, deletion, and handling of member data requests.
  • Build awareness across the business so compliance and privacy are seen as enablers, not blockers.

Qualifications/Skills:
  • 4–7 years of experience in compliance, GRC, or risk management, ideally in SaaS or healthtech.
  • Strong knowledge of SOC 2 and HIPAA; familiarity with privacy frameworks such as GDPR, CCPA/CPRA, or HITRUST.
  • Experience supporting audits end-to-end and preparing documentation for external parties.
  • Experience coordinating across functions (Engineering, IT, Legal, Ops) to implement and sustain controls.
  • Ability to connect regulatory requirements to business context and communicate tradeoffs clearly to technical and non-technical stakeholders.
  • Familiarity with compliance automation tools (Vanta, Tugboat Logic, ConductorOne) and cloud environments (Okta, GCP, GitHub).
  • Strong communication skills; able to draft policies, auditor-facing documentation, and compliance summaries.
  • Ability to work cross-functionally to support secure, compliant patterns without slowing down business goals.
  • Bonus: experience with healthcare data protection or supporting privacy programs in regulated industries.

Your dedication to these responsibilities will directly contribute to the success of our platform and the satisfaction of our users. We are looking for a proactive, skilled, and forward-thinking individual to join our team and help shape the future of our services.

To be a strong fit, you embody our Core Values:
  • Ruthless Prioritization:
    • We don’t let perfect get in the way of progress.
    • We move quickly to drive value, not perfection.
    • We prioritize what drives impact.
    • We never compromise on standards of excellence.
  • Member-First, Always:
    • We design and deliver like we’re caring for someone we love.
    • We create calendar, actionable, human experience.
    • We prioritize responsiveness, peace of mind, and outcomes.
    • We empower members with truth, clarity, and care.
  • One Team, Moving Fast:
    • We are aligned in purpose, prioritization, and speed.
    • We gather diverse perspectives to make informed decisions.
    • We clear paths for each other and move fast together.
    • We communicate clearly and respectfully, rallying around shared goals.
  • Radical Ownership, Relentless Execution:
    • We don’t just ship – we own outcomes and drive results.
    • We act with urgency and precision.
    • We anticipate, initiate, and follow through.
    • We meet challenges with grit and pragmatism.
    • We embrace new tech to deliver better outcomes.
  • Mission Over Ego:
    • We are ruthlessly aligned to our mission – and leave ego at the door.
    • We disagree and commit.
    • We don't tolerate politics or withholding information.
    • We operate with honesty, transparency, and respect.
  • Sustained Integrity in Every Detail:
    • We earn trust by obsessing over accuracy, quality, and clarity in everything we do.
    • We prioritize clinical precision – data must be right.
    • We sweat the details because outcomes depend on them.

Why You'll Love Working With Us:
We value our team at Function and offer a competitive salary and benefits package, flexible working hours, and a dynamic work environment where creativity and innovation are encouraged. If you are a highly motivated and experienced individual who is passionate about using technology to improve people’s lives, we would love to hear from you.

At Function, we celebrate diversity and are committed to building a diverse and inclusive workforce. As an equal opportunity employer, we do not discriminate on the basis of race, color, gender identity, ancestry, religion, age, sexual orientation, national origin, disability, marital status, Veteran status, or any other occupationally irrelevant criteria.

Join the Function Health team and become a part of our mission to build a healthier future for all. Discover more about us and how we're changing the face of healthcare at Function Health.

Important Notice: Legitimate communication from the Function Health team will always come from an email address ending in @functionhealth.com. Function Health will never request personal information such as banking details or payment during the hiring process. Please be cautious of communications or job offers that come from other email domains, instant messaging platforms, or unsolicited calls. If you ever have doubts about the legitimacy of a communication, please reach out to us directly at [email protected].
