- Experience: 3–7 yrs
- Salary: USD 68,000 – USD 90,000 / year
- Openings: 1
- Posted: 1 week ago
- Work mode: In office
- Education: Bachelor's degree
- Eligibility: Professionals with a bachelor’s degree or equivalent experience and 3 to 7+ years in compliance, privacy, risk, regulatory, audit, or healthcare operations roles can apply. Experience with security questionnaires, SOC audits, healthcare regulations, and cross-functional compliance work is expected.
- Resume: Required to apply
Job description
About the Company
Office Ally has built its reputation on simplifying healthcare administration. What began as a clearinghouse for insurance claim processing has expanded into a broader healthcare technology platform offering cloud-based revenue cycle management tools. These solutions support eligibility checks, claims handling, revenue recovery, and payment processing so healthcare organizations can spend less time on administration and more time on patient care.
In April 2026, the company added Jopari Solutions, Inc., a specialist in straight-through electronic claims processing for Property & Casualty, Commercial, and Government healthcare. That acquisition strengthened Office Ally’s enterprise payment capabilities and widened its reach across claims, payments, and data exchange.
The organization is guided by four core principles: ownership, empowerment, innovation, and transparent communication.
- Ownership: Taking responsibility, driving outcomes, and being accountable for project success.
- Empowerment: Giving teams the freedom and backing to make thoughtful decisions.
- Innovation: Improving healthcare administration through creative, forward-looking solutions.
- Transparent Communication: Encouraging open, honest dialogue across teams and with clients to build trust and alignment.
Role Overview
The Senior Compliance Specialist supports enterprise compliance, privacy, risk management, and third-party oversight initiatives. The position handles customer and vendor questionnaires, assists with external audits and attestation work such as SOC audits, tracks regulatory changes, and evaluates state and federal requirements affecting healthcare operations, privacy, information security, and business practices.
This role suits someone who can analyze complex regulations, turn them into practical business guidance, and work closely with Compliance, Legal, Information Security, Product, Operations, and leadership teams to keep the organization prepared for audits and regulatory obligations.
Key Responsibilities
- Coordinate and prepare responses to due diligence questionnaires from customers, partners, and vendors across security, privacy, compliance, and risk topics.
- Support assessment requests based on frameworks and standards such as SOC 1, SOC 2, HIPAA/HITECH, HITRUST, Shared Assessments AUP Full SIG, NIST Cybersecurity Framework, ISO 27001, HECVAT, and similar customer-specific reviews.
- Collect evidence, bring in the right internal stakeholders, and maintain a library of standard answers and supporting documents.
- Spot response gaps and collaborate with internal teams to close them or clarify the information needed.
- Assist with annual external audit and attestation activities, including SOC audits.
- Help gather evidence, confirm controls, and organize audit-ready documentation for auditors.
- Review SOC reports and control narratives to better understand obligations, risks, and possible remediation steps.
- Track adherence to internal controls and contribute to control testing and documentation efforts.
- Research and analyze state and federal laws and regulations relevant to the company.
- Monitor developments tied to healthcare, privacy, cybersecurity, claims processing, electronic transactions, and data exchange.
- Summarize laws, guidance, regulations, and proposed rules into practical recommendations for business teams.
- Support impact assessments when requirements change or new regulations are introduced.
- Help draft, update, and maintain compliance policies, procedures, standards, and controls.
- Compare internal policies with regulatory and contractual requirements.
- Assist with risk assessments, compliance monitoring, and internal reviews.
- Keep records and evidence needed for audits, customer inquiries, and compliance requests.
- Work with Information Security, Legal, Operations, Product, and business teams to assess compliance considerations for new initiatives, vendors, products, and services.
- Join compliance meetings and provide subject-matter support on regulatory and contractual obligations.
- Prepare executive summaries, compliance reports, and client-facing compliance materials.
Requirements
- Bachelor’s degree in Compliance, Healthcare Administration, Business, Law, Risk Management, Information Security, Public Policy, or a similar discipline, or equivalent experience.
- 3 to 7+ years of experience in compliance, risk management, regulatory affairs, privacy, healthcare operations, audit support, or a related area.
- Hands-on experience answering vendor and customer security/compliance questionnaires.
- Background supporting or taking part in SOC 1 and/or SOC 2 audits.
- Proven ability to research, interpret, and evaluate state and federal regulations and their business impact.
- Strong business writing skills with the ability to produce clear, professional, and supportable compliance responses.
- Experience coordinating across multiple teams while balancing competing priorities.
- Strong analytical thinking and sound judgment.
- Ability to use AI tools for drafting reports, researching markets, and streamlining administrative work.
- Capacity to understand and synthesize complex legal and regulatory requirements.
- Excellent attention to detail and strong organizational habits.
- Ability to manage several projects and deadlines at the same time.
- Strong collaboration and stakeholder management skills.
- Comfort working with audit reports, control frameworks, and technical documentation.
- Proficiency with Microsoft Office, especially Excel, Word, and PowerPoint.
Preferred Qualifications
- Experience in healthcare, healthcare technology, clearinghouses, payers, workers’ compensation, or regulated technology environments.
- Exposure to HIPAA/HITECH, CMS rules, state healthcare/privacy requirements, SOC 1, SOC 2, HITRUST, NIST, ISO 27001, and workers’ compensation regulations.
- Experience with third-party risk management and vendor oversight.
- Experience handling third-party security or vendor questionnaires for customers, insurers, higher education institutions, or enterprise procurement teams.
- Professional certifications such as CHC, CISA, CIPP, CCEP, or CTPRP.
- Experience using GRC or compliance platforms.
Compensation and Benefits
The stated base salary range for this position is USD 68,000 to 90,000. Pay may vary depending on location, experience, and individual qualifications. The role may also include performance-based bonuses and a benefits package with medical, dental, and vision coverage, a 401(k) plan with company match, paid time off, and other employee benefits.
Equal Opportunity
Office Ally is an equal opportunity employer. Employment decisions are made without regard to age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any other category protected by applicable federal, state, or local law.