The Security Program Manager will oversee compliance operations, support audit readiness, and manage regulatory frameworks while collaborating with teams to ensure security and privacy compliance.
Company Overview:
Function Health is the AI operating system for health, designed to empower people to live 100 healthy years. We are redefining how individuals understand, measure, and improve their health by moving beyond reactive care and enabling proactive, data-driven insight into human biology. Function has been recognized as one of Fast Company’s Most Innovative Companies of 2024, and is venture-backed by Andreessen Horowitz (a16z). Hundreds of thousands of members have joined Function to take control of their health.
Through advanced diagnostics, deep biomarker testing, longitudinal data, and AI-enabled insights, Function equips members with actionable intelligence to take control of both the quality and length of their lives.
Function recently announced a $298M Series B and is entering its next chapter of growth. As we scale, the quality and durability of our People systems, data, and insights will directly shape our ability to attract, retain, and support exceptional talent.
We are growing our team and seeking out world-class talent that deeply believes in our mission to positively impact global health, has a relentless bias toward action, and a growth mindset. Function fosters a collaborative and dynamic environment where every day we build the future.
Role:
Function Health is building a lean, automation-first compliance program that is agile enough to adapt to both security and privacy requirements. From SOC 2 and HIPAA to CCPA and beyond, the program must be ready to respond to whatever the task demands. This requires an individual who can see the totality of the problem and not just a piece of it.
As a Security Program Manager, you'll support and execute our compliance operations, partner with cross-functional teams to enable compliant product growth and unblock business deals, and help ensure our controls and policies scale with the business.
This role is hands-on and impact-driven: you'll be a key contributor to audit readiness, run day-to-day compliance and privacy operations, and help Function meet the trust expectations of our members, partners, and regulators.
Key Responsibilities:
- Execute SOC 2 Type II and HIPAA compliance operations, including evidence collection, control testing, and audit readiness.
- Coordinate audit activities with auditors, external assessors, and internal stakeholders under the direction of compliance leadership.
- Maintain and update a unified control framework that maps SOC 2, HIPAA, and future frameworks (e.g., HITRUST).
- Drive vendor and third-party risk management, including onboarding reviews, risk assessments, and BAA/DPA tracking.
- Understand privacy obligations (HIPAA Privacy Rule, GDPR, state laws) and design solutions with a privacy-first focus.
- Partner with Sales and Legal to support business deals, including security questionnaires and contractual agreements.
- Execute quarterly compliance rituals: access reviews, risk register updates, policy acknowledgments, and training compliance.
- Translate regulatory requirements into engineer-friendly tickets, policy updates, and compliance summaries.
- Identify and implement opportunities for automation in compliance workflows (evidence collection, access certifications, vendor reviews).
- Coordinate privacy operations, including data retention, deletion, and handling of member data requests.
- Build awareness across the business so compliance and privacy are seen as enablers, not blockers.
Qualifications/Skills:
- 4–7 years of experience in compliance, GRC, or risk management, ideally in SaaS or healthtech.
- Strong knowledge of SOC 2 and HIPAA; familiarity with privacy frameworks such as GDPR, CCPA/CPRA, or HITRUST.
- Experience supporting audits end-to-end and preparing documentation for external parties.
- Experience coordinating across functions (Engineering, IT, Legal, Ops) to implement and sustain controls.
- Ability to connect regulatory requirements to business context and communicate tradeoffs clearly to technical and non-technical stakeholders.
- Familiarity with compliance automation tools (Vanta, Tugboat Logic, ConductorOne) and cloud environments (Okta, GCP, GitHub).
- Strong communication skills; able to draft policies, auditor-facing documentation, and compliance summaries.
- Ability to work cross-functionally to support secure, compliant patterns without slowing down business goals.
- Bonus: experience with healthcare data protection or supporting privacy programs in regulated industries.
Your dedication to these responsibilities will directly contribute to the success of our platform and the satisfaction of our users. We are looking for a proactive, skilled, and forward-thinking individual to join our team and help shape the future of our services.
To be a strong fit, you embody our Core Values:
- Ruthless Prioritization:
  - We don’t let perfect get in the way of progress.
  - We move quickly to drive value, not perfection.
  - We prioritize what drives impact.
  - We never compromise on standards of excellence.
- Member-First, Always:
  - We design and deliver like we’re caring for someone we love.
  - We create calendar, actionable, human experience.
  - We prioritize responsiveness, peace of mind, and outcomes.
  - We empower members with truth, clarity, and care.
- One Team, Moving Fast:
  - We are aligned in purpose, prioritization, and speed.
  - We gather diverse perspectives to make informed decisions.
  - We clear paths for each other and move fast together.
  - We communicate clearly and respectfully, rallying around shared goals.
- Radical Ownership, Relentless Execution:
  - We don’t just ship – we own outcomes and drive results.
  - We act with urgency and precision.
  - We anticipate, initiate, and follow through.
  - We meet challenges with grit and pragmatism.
  - We embrace new tech to deliver better outcomes.
- Mission Over Ego:
  - We are ruthlessly aligned to our mission – and leave ego at the door.
  - We disagree and commit.
  - We don't tolerate politics or withholding information.
  - We operate with honesty, transparency, and respect.
- Sustained Integrity in Every Detail:
  - We earn trust by obsessing over accuracy, quality, and clarity in everything we do.
  - We prioritize clinical precision – data must be right.
  - We sweat the details because outcomes depend on them.
Why You'll Love Working With Us:
We value our team at Function and offer a competitive salary and benefits package, flexible working hours, and a dynamic work environment where creativity and innovation are encouraged. If you are a highly motivated and experienced individual who is passionate about using technology to improve people’s lives, we would love to hear from you.
At Function, we celebrate diversity and are committed to building a diverse and inclusive workforce. As an equal opportunity employer, we do not discriminate on the basis of race, color, gender identity, ancestry, religion, age, sexual orientation, national origin, disability, marital status, Veteran status, or any other occupationally irrelevant criteria.
Join the Function Health team and become a part of our mission to build a healthier future for all. Discover more about us and how we're changing the face of healthcare at Function Health.
Important Notice: Legitimate communication from the Function Health team will always come from an email address ending in @functionhealth.com. Function Health will never request personal information such as banking details or payment during the hiring process. Please be cautious of communications or job offers that come from other email domains, instant messaging platforms, or unsolicited calls. If you ever have doubts about the legitimacy of a communication, please reach out to us directly at [email protected].

