• This role leads and executes compliance testing for mortgage origination and servicing to assess control design and regulatory adherence. • It reviews policies and procedures for completeness, identifies control gaps, and supports root cause analysis and risk rating. • The position prepares clear testing documentation and reports, partners with stakeholders on remediation, and communicates findings effectively across the organization. • It also prioritizes testing activities, stays current on regulatory changes, supports audits and exams, and contributes to continuous improvement of compliance testing processes. • Independently design, lead and execute Compliance Testing to assess control design and operating effectiveness over compliance risks over both mortgage originations and servicing. • Review departmental policies, procedures and job aids to determine alignment with applicable regulations and completeness and provide recommendations to address identified control gaps and areas of non-compliance. • Identify findings, support root cause analysis, and assist with assigning risk ratings in line with internal guidelines. • Draft clear testing documentation, reports, and remediation recommendations for stakeholder review. • Partners with program owners and subject matter experts to track remediation actions and validate closure of control gaps. • Effectively communicate in writing and verbally to all levels of the business and Compliance the purpose of the review, any exceptions identified, all issues identified, the proposed repair, addition to, or replacement of any control identified as not being effective, and the expected timeline for said repair. • Efficiently prioritize workload based on due dates, progress, and importance of testing being completed. • Keep up to date with changes in applicable state and federal consumer laws, regulations, guidance, and interpretations. • Provide support for other Regulatory Compliance program initiatives and activities as needed, including internal and external audits or regulatory exams and strategic projects. • Support ongoing enhancements to the compliance testing processes, methodologies, and reporting by taking initiative, iterating feedback, and moving work forward efficiently.

About Care Access Care Access is working to make the future of health better for all. With hundreds of research locations, mobile clinics, and clinicians across the globe, we bring world-class research and health services directly to communities that often face barriers to care. We are dedicated to ensuring that every person has the opportunity to understand their health, access the care they need, and contribute to the medical breakthroughs of tomorrow. With programs like Future of Medicine, which makes advanced health screenings and research opportunities accessible to communities worldwide, and Difference Makers, which supports local leaders to expand their community health and wellbeing efforts, we put people at the heart of medical progress. Through partnerships, technology, and perseverance, we are reimagining how clinical research and health services reach the world. Together, we are building a future of health that is better and more accessible for all. To learn more about Care Access, visit www.CareAccess.com. How This Role Makes a Difference We are seeking a Senior Manager, GxP and Digital Quality to join our Quality team and help to support Quality at Care Access and our parent company Reify Health. This role will help to manage compliance risk and provide practical guidance on GxP quality at all stages of the software product lifecycle. The successful candidate will have hands-on experience implementing GxP compliance at a fast-paced technology company and will support quality for both internal and external software products, systems and AI products. The Senior Manager, GxP and Digital Quality must build and maintain collaborative relationships with internal and external stakeholders to accomplish key business objectives across departments. How You'll Make An Impact - Review and approve validation of software and AI products to ensure full compliance with regulatory requirements and company policies - Prepare for and support external regulatory audits; lead internal or vendor audits related to maintaining GxP and regulatory compliance - Development and maintenance of digital/software components of quality management systems, including AI quality management systems - Proactively monitor systems and processes to ensure compliance with standard operating procedures, audit compliance and industry best practices - Review key vendors for compliance with digital quality requirements - Train and educate internal stakeholders on quality processes and best practices - Perform other tasks and special projects assigned by quality leadership The Expertise Required - 3+ years of experience implementing GxP standards and advising on matters of quality compliance at a SaaS company, including GxP systems validation - Demonstrated leadership experience in implementing compliance programs within the software industry. Project management experience preferred. - Experience with Good Clinical Practice is required - Demonstrated experience with SaaS application and agile product development methodology. - Excellent communication and interpersonal skills - Strong analytical skills with the ability to effectively define business issues and recommendations - High attention to detail and organizational skills - Technical proficiency and understanding of data management in healthcare or clinical trial spaces - Highly detail-oriented with strong time management skills to manage multiple deadlines - Ability to work with minimal supervision and manage multiple priorities in a fast-paced environment Certifications/Licenses, Education, and Experience - Certifications in GxP quality, computer systems validation processes or quality systems management preferred. How We Work Together - Location: Remote within the United States. This role requires 100% of work to be performed in a remote office environment. - Travel: This is a remote position with travel requirements up to 40%. Occasional planned travel may be required as part of the role. - Physical demands associated with this position Include: The ability to use keyboards and other computer equipment. The expected salary range for this role is $110,000 - $145,000 USD per year for full time team members. Benefits & Perks (US Full Time Employees) - Paid Time Off (PTO) and Company Paid Holidays - 100% Employer paid medical, dental, and vision insurance plan options - Health Savings Account and Flexible Spending Accounts - Bi-weekly HSA employer contribution - Company paid Short-Term Disability and Long-Term Disability - 401(k) Retirement Plan, with Company Match Diversity & Inclusion We work with and serve people from diverse cultures and communities around the world. We are stronger and better when we build a team representing the communities we support. We maintain an inclusive culture where people from a broad range of backgrounds feel valued and respected as they contribute to our mission. We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to, and will not be discriminated against on the basis of, race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Care Access is unable to sponsor work visas at this time. If you need an accommodation to apply for a role with Care Access, please reach out to: TalentAcquisition@careaccess.com Mandatory Employer Disclosures: Notice to Illinois applicants: Applicants are not obligated to disclose expunged juvenile records or adjudication, arrest, or conviction. Notice to Connecticut applicants: Care Access may require applicants to submit to a urinalysis drug test in connection with an application for employment. Notice to Arizona, Georgia, Indiana, and North Dakota applicants: Care Access complies with applicable laws prohibiting smoking in and around places of employment. Notice to Massachusetts applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Notice to Rhode Island applicants: Care Access complies with Rhode Island law prohibiting smoking in enclosed areas within places of employment. Care Access is also subject to is subject to Chapters 29–38 of Title 28 of the Rhode Island General Laws. Notice to Maryland applicants: UNDER MARYLAND LAW, AN EMPLOYER MAY NOT REQUIRE OR DEMAND, AS A CONDITION OF EMPLOYMENT, PROSPECTIVE EMPLOYMENT, OR CONTINUED EMPLOYMENT, THAT AN INDIVIDUAL SUBMIT TO OR TAKE A LIE DETECTOR OR SIMILAR TEST. AN EMPLOYER WHO VIOLATES THIS LAW IS GUILTY OF A MISDEMEANOR AND SUBJECT TO A FINE NOT EXCEEDING $100.

CyberSheath Services International LLC is a rapidly growing Managed Services Provider primarily focused on providing CMMC Compliance and Cybersecurity services to the Defense Industrial Base (DIB). We are excited to be expanding our staff due to our growth and are looking to add to our team!  CyberSheath integrates compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and, in fact, may weaken an organization’s security posture. Our professionals advise clients where to stop spending, where to invest, and how to take what they are already doing and integrate it in a way that delivers improved security.   Successful candidates for CyberSheath are self-motivated, think out of the box, work, and solve issues independently. Confident, ‘doers’ who ‘get the job done’ and strive to ‘do the right thing, even when no-one is looking’ are the types of candidates who strive in our culture.  Additionally, our most successful team members are self-starters and willing to put on many hats to succeed. CyberSheath is fast-growing and seeks candidates who want to be part of our upward trajectory.  The CMMC Compliance Engineer will be responsible for designing, implementing, and maintaining data protection controls that safeguard Controlled Unclassified Information (CUI) across Microsoft 365 and Azure environments in alignment with CMMC Level 2 and NIST 800-171 requirements. Key Responsibilities • Design, deploy, and manage Microsoft Purview Data Loss Prevention (DLP) policies across Exchange Online, SharePoint Online, OneDrive, Teams, and endpoint workloads. • Implement and maintain Microsoft Purview sensitivity labels, including label taxonomy, protection settings, encryption, and user experience alignment. • Configure and enforce auto-labeling and trainable classifiers to identify and protect CUI, export-controlled data, and other regulated data types. • Integrate DLP and labeling controls with Conditional Access, endpoint controls, and Defender workloads to support defense-in-depth. • Tune DLP policies to balance compliance enforcement with business usability, minimizing false positives while maintaining audit integrity. • Support audit readiness and evidence collection, including documentation of DLP configurations, labeling schemas, policy enforcement, and control mappings to NIST 800-171 and CMMC practices. • Collaborate with compliance, security operations, and engineering teams to remediate data handling gaps identified through assessments, audits, or incident response activities. Required Experience • Hands-on experience implementing Microsoft Purview DLP in regulated or compliance-driven environments. • Practical experience with sensitivity labels, encryption, content marking, and access restrictions. • Experience protecting CUI or similarly regulated data within Microsoft 365. • Strong understanding of how DLP and information protection map to CMMC Level 2 / NIST 800-171 requirements. • Experience supporting compliance audits or assessments with technical evidence and configuration artifacts. Preferred Experience • Experience in GCC or GCC High Microsoft environments. • Familiarity with Endpoint DLP, Insider Risk Management, or Information Governance features. • Experience integrating DLP with Defender for Endpoint, Microsoft Sentinel, or SOAR workflows. • Background working with DoD contractors or highly regulated industries. Work Environment  - 100% Remote work environment with occasional (25%) travel to client sites CyberSheath is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, national origin, age, protected veteran status, among other things, or status as a qualified individual with a disability.  Budgeted Pay Range $110,000—$135,000 USD

• Conduct audits on resident files to determine move-in eligibility according to funding restrictions. • Audits are conducted electronically via a secured web-based portal. • Some Compliance Specialists travel to conduct audits on premises at the client's location. • Training and continuing education are provided.