Position Overview The SOX Compliance Business Manager leads the day‑to‑day activities of the SOX program, including scoping, documentation, testing, issue remediation, and management reporting. The role reports to the Director of Internal Controls and partners closely with Finance, IT, and business process owners to ensure internal controls over financial reporting are designed, implemented, and operating effectively in line with SOX requirements and COSO. Here's What You'll Do: - Develop and maintain the annual SOX compliance testing plan, including timelines, milestones, and resource needs for testing and reporting. - Coordinate SOX risk assessment to identify key financial reporting risks, significant accounts, processes, and in‑scope entities. - Oversee documentation of end‑to‑end processes, risks, and controls (RCM, narratives, flowcharts) in alignment with the COSO framework and company policies. - Perform, lead and review design and operating effectiveness testing of key controls in collaboration with SOX analysts including sampling, walkthroughs, and re‑performance, ensuring sufficient evidence is retained. - Identify, assess, and document control deficiencies, determine severity (deficiency vs significant deficiency vs material weakness), and work with owners on remediation plans and retesting. - Monitor remediation status, track action plans to closure, and escalate overdue or high‑risk items to senior management and the audit committee as needed. - Prepare clear, concise SOX status reports and dashboards for management, including testing progress, issues, remediation, and overall control conclusions. - Serve as a liaison with external auditors on SOX scope, testing approaches, documentation requests, and issue resolution. - Provide subject matter expertise, training and guidance to process and control owners on SOX requirements, control design, documentation standards, and evidence expectations/requirements. - Support related internal controls and governance related initiatives where they intersect with SOX. What You Bring to the Table: - Bachelor’s degree in accounting, finance, business, or a related field. - 5-8+ years of progressive experience in SOX, internal audit, external audit, or internal controls, with a strong focus on ICFR. - Solid knowledge of SOX 404 requirements, PCAOB standards, and internal control frameworks such as COSO. - Professional designation such as CPA, CA, CIA, or CISA is highly preferred. - Experience working with ERP and GRC tools (e.g., NetSuite, Salesforce, etc.) and commonly used GRC platforms (e.g. Workiva, Resolver, etc.) - Strong understanding of financial reporting processes, internal controls, and risk assessment techniques. - Analytical and problem‑solving skills, with the ability to evaluate control design and identify practical, risk‑based improvements. - Excellent written and verbal communication skills, including ability to explain SOX concepts to non‑experts and influence senior stakeholders. - High attention to detail, strong organization, and ability to manage multiple concurrent projects and deadlines. - Collaborative team mindset with the confidence to challenge, negotiate, and drive remediation across functions.

At Bask Health, every role is AI-first. Work starts in an LLM to clarify intent and context, moves into the right tools to explore and execute, is tested with real users and stakeholders, and is continuously refined as we learn. AI and self-serve research are default parts of how we work, not side experiments. We are looking for people who take full ownership of their work, treat AI as a real collaborator, and care deeply about building a company that meaningfully improves how healthcare is delivered. What You'll Do Work AI-first: Use LLMs as your starting point — to clarify thinking, draft output, research problems, and move faster. Apply your own judgment to refine quality and make it count. Validate and iterate: Test your work with real users and stakeholders. Use what you learn to improve before problems become patterns. Share AI-native workflows: Document prompts, processes, and workflows that work. Share them across your team so we raise the bar together. Key Responsibilities - Reporting to the General Counsel this position provides strategic and operational legal support across legal issues in cybersecurity, data privacy, artificial intelligence, and data governance. - Develop, implement, and maintain the organization's comprehensive data governance and security, privacy and compliance frameworks and policies.  - Serve as the Privacy Officer and primary legal and operational authority on HIPAA, including Privacy Rule and Security Rule requirements - Ensure adherence to global, federal, state and emerging privacy laws (GDPR, CPRA, etc.), as applicable - Advise executive leadership on cybersecurity risk, mitigation, data governance, and regulatory obligations - Lead internal audits, risk assessments, and incident response planning - Manage relationships with outside counsel, regulators, and third-party vendors on compliance matters - Educate staff on data handling, privacy practices, and security threats. Organize and oOversee employee training programs on data privacy, security protocols, and HIPAA obligations - Monitor evolving federal and state data privacy legislation and assess organizational impact - Draft and enforce internal data security policies, procedures, and Business Associate Agreements (BAAs) - Represent the organization in regulatory investigations or breach notification proceedings, remediation efforts, and regulatory notifications.

Title: Principal RA Sepcialist Location: Remote Mexico Full time Remote In this role you will be a pivotal team member with regulatory affairs responsibilities, leading discussions, and coordinating regulatory strategies globally on assigned (Phase 1 to 4) clinical trials, studies and projects. You will be part of a global team providing innovative solutions and global regulatory expertise, being client interfacing to provide strategic regulatory intelligence and guidance. You will feel confident providing regulatory advice and carry out projects in the provision of regulatory affairs services whilst acting as liaison with internal and external clients. You will act as a representative of the regulatory department with other departments, supporting business development, working on initiatives, and contributing to quality improvement. You will also arrange, lead, and report on client and regulatory agency meetings. The following skills are required to be successful in this position: - preparation and assembly of global regulatory submissions - interacting with sponsors, - review and assess clinical trial regulatory documents, - review and assess scientific literature. - manages project teams and preparation - participate in launch meetings, review meetings and project team meetings. Optional skills: - Experience with bid defense meetings Qualifications - External What the role requires you to have: - Bachelor's degree or advanced degree preferred, or equivalent and relevant formal academic / vocational qualification - Previous experience that provides the knowledge, skills, and abilities to perform the job - Knowledge of the global clinical trials landscape Knowledge, Skills and Abilities: - Excellent command of the English language (written and oral) as well as local language where applicable - Excellent attention to detail and quality as well as excellent editorial/proofreading skills - Exceptional interpersonal skills to work effectively in a team environment and act as a liaison with other departments - Advanced computer skills including the use of Microsoft Word, Excel, Power Point; capable of learning new technologies - Strong organizational, time management, and planning skills to create and follow timelines, conduct long-range planning, adapt to changing priorities and handle multiple projects - Capable of working independently and exercising independent judgment to assess sponsor regulatory needs and work with project team members to producing compliant deliverables - Excellent understanding of global/regional/national country requirements/regulatory affairs procedures for clinical trial authorization; expert knowledge of ICH and other global regulatory guidelines - Excellent analytical, investigative and problem-solving skills

• Regulatory Submissions: Plan and coordinate global regulatory submissions, including INDs, late-stage IND amendments, IMPDs, CTAs, and annual reports, ensuring high-quality, compliant documentation to support new and ongoing clinical programs. • Technical Authoring: Independently author and compile Module 2 and Module 3 content, including quality overall summaries, drug substance, drug product and regional sections, stability summaries, comparability assessments, and supporting technical reports. • Health Authority Interactions: Prepare clear, scientifically sound responses to CMC and device-related questions from global regulatory agencies (FDA, EMA, PMDA, and ROW health authorities). Prepare meeting requests, background material and meeting presentation materials to support health authority interactions to progress clinical development milestone. • Device & Combination Product Support: Contribute to regulatory strategy and documentation for drug-device combination products, including device technical documentation and integration into clinical regulatory submissions. • Regulatory Strategy Execution: Implement CMC and device regulatory strategies in collaboration with regulatory leadership to support late-stage clinical development and clinical trial progression. • Cross-functional Collaboration: Work closely with Technical Operations, Manufacturing, Analytical Development, Quality, Clinical, and external partners to collect, verify, and integrate technical data into regulatory submissions. • Other duties as assigned.