Security Risk & Compliance, HIPAA
Job description
TL;DR
Security Risk & Compliance, HIPAA: Owning HIPAA compliance operations end-to-end across 's product portfolio, including Claude Code, the Claude Developer Platform, and Claude Cowork, with an emphasis on executing HIPAA obligations, building change monitoring mechanisms, and partnering with product and engineering teams. Focus on assessing PHI data flows, infrastructure boundaries, and control coverage across cloud-native product environments.
Location: San Francisco, CA | New York City, NY | Seattle, WA | Washington, DC. All staff are expected to be in one of our offices at least 25% of the time.
Salary: $255,000 - $270,000 USD
Company
’s mission is to create reliable, interpretable, and steerable AI systems.
What you will do
- Operate ’s HIPAA compliance review program, executing on HIPAA obligations across the product portfolio.
- Run a dedicated HIPAA review track in parallel with the Product Security Review (PSR) process, applying a compliance checklist to every in-scope change and recording a complete, auditable disposition before release.
- Build and maintain change monitoring mechanisms to catch HIPAA-relevant changes.
- Partner with product and engineering teams upstream to ensure HIPAA considerations are built into first releases rather than addressed as post-launch remediations.
- Assess and document PHI data flows, infrastructure boundaries, and control coverage across ’s cloud-native product environments.
- Contribute to ’s broader compliance program, including adjacent frameworks (SOC 2, ISO 27001, NIST 800-53) where they intersect with HIPAA obligations.
Requirements
- Have 5+ years of progressive experience in compliance roles, including direct ownership of a HIPAA compliance program at a technology company
- Have evaluated PHI data flows and infrastructure boundaries in cloud-native environments (AWS, GCP, or Azure) and can assess HIPAA exposure without always needing to escalate to legal
- Have designed and operated a compliance review mechanism integrated into a product development or release process
- Can translate HIPAA technical compliance requirements into actionable workstreams for engineering and product teams
- Deliver clear, precise compliance documentation — policies, checklists, audit evidence, deployment guides — for both technical and non-technical audiences
- Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience.
Nice to have
- Have worked in AI/ML or developer-platform companies and understand the unique challenges of PHI exposure in model inference and API environments
- Have HITRUST CSF experience or experience mapping HIPAA requirements to HITRUST controls
- Bring experience from high-growth technology companies where compliance programs had to scale alongside rapid product expansion
- Have implemented or significantly contributed to compliance automation or GRC tooling integrations
- Possess relevant certifications (CHPC, HCISPP, CISA, CISM, CISSP, or equivalent)
Culture & Benefits
- Competitive compensation and benefits.
- Optional equity donation matching.
- Generous vacation and parental leave.
- Flexible working hours.
- Lovely office space in which to collaborate with colleagues.