Senior Compliance Specialist II

Responsibilities

• Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration effort, building a working understanding of Alma's GRC architecture, tooling, vendor relationships, and audit history.
• Map Alma's existing control environment against Spring Health's compliance frameworks, identifying gaps, redundancies, and opportunities for harmonization.
• Partner with engineering, IT, security, and legal stakeholders across both organizations to facilitate a structured transition of compliance obligations, evidence, and tooling into a unified program.
• Communicate integration status, risk findings, and program recommendations clearly to senior compliance leadership throughout the transition.
• Own and strategically lead enterprise-level compliance programs, including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX, from planning through execution and continuous improvement.
• Lead complex risk assessments and translate technical, regulatory, and operational risk into clear, actionable recommendations for leadership.
• Provide strategic insights and regular updates to leadership, including risk trends, audit readiness, compliance metrics, and recommendations for investment or prioritization.
• Lead the development and operationalization of Spring Health's AI governance program, establishing policies, risk frameworks, and control standards that address the unique compliance and ethical considerations of AI and ML systems.
• Build and maintain AI-specific compliance documentation including AI use registers, model risk assessments, and governance procedures aligned to regulatory expectations.
• Monitor the evolving global AI regulatory landscape (EU AI Act, NIST AI RMF, and others) and proactively advise leadership on impact to Spring Health's operations and product roadmap.
• Conduct compliance vendor reviews with a particular focus on AI vendors, assessing data handling practices, model governance, regulatory alignment, and contractual compliance obligations.
• Drive maturity of the GRC program and tooling, establishing best practices, improving automation and reporting, and ensuring high-quality, audit-ready evidence across the organization.
• Integrate AI into team workflows in a structured way, such as building AI-assisted playbooks for evidence review, audit prep, and risk assessment documentation.
• Evaluate new AI tools and techniques relevant to compliance and GRC work; share learnings with the team and model disciplined adoption.
• Establish quality standards for AI-assisted compliance work across the team, ensuring outputs meet the rigor and auditability expected of regulated deliverables.
• Mentor and guide more junior compliance team members, setting standards for quality, rigor, and professionalism across compliance deliverables.
• Lead customer assurance and external stakeholder engagements for high-stakes or complex inquiries, including enterprise customer calls, escalations, and detailed security questionnaires.
• What success looks like:
• Smooth execution of the Alma compliance integration, with a documented control mapping, unified tooling plan, and clear transition milestones delivered to leadership.
• Strong working relationships established across both the Alma and Spring Health compliance functions, with a shared understanding of processes, tools,

Benefits

Additional Information

Our mission: e liminating every barrier to mental health. Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. We're building a world where getting support is simple, personal, and built around the person, so care can continue through every job, move, health plan, and life stage. Our AI-native platform helps us deliver personalized support across self-guided tools, coaching, therapy, medication management, and specialty care. With outcomes independently validated by JAMA Network Open and the Validation Institute, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners. As an AI-native company, we believe technology should expand the reach, quality, and humanity of care. Every Spring Health team member is expected to use AI tools thoughtfully, apply human judgment to AI outputs, and keep building AI fluency in ways that support their role and our mission. Reporting to the Sr Manager, IT Compliance, this Senior Compliance Specialist II joins Spring Health at a pivotal moment: the active integration of Alma, a recently acquired organization, into a unified compliance program. In the near term, this role will focus on learning Alma's GRC tools and control environment, mapping them against Spring Health's existing frameworks, and helping build a consolidated compliance organization. Longer term, this person will own and lead enterprise compliance programs across SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX. This is a full time position that is fully remote. Travel is limited.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at springhealth66? Share your experience