• Maintain hardened baselines and secure configurations across systems and environments, mapped to policy and control requirements. • Proactively monitor for issues, investigate anomalies, and help drive timely remediation, with strong documentation and traceability. • Produce high-quality control documentation and evidence that stand up to internal audit, external audit, and client scrutiny. • Collaborate effectively with technical and non-technical stakeholders to embed security and compliance expectations into day-to-day operations. • Support execution of compliance and security risk assessments by gathering inputs from control owners, documenting risks, and tracking agreed actions. • Help design and execute control testing plans for key information security and compliance controls (e.g., access reviews, configuration baselines, logging and monitoring), documenting results and exceptions. • Maintain and refine control inventories, risk registers, and metrics/KRIs for information security and compliance, partnering with the Information Security Manager and Compliance to ensure data quality and timely updates. • Assist in evaluating the impact of new regulations, client obligations, and internal policies on existing controls, and help translate requirements into practical control changes. • Prepare and maintain control evidence (e.g., screenshots, configuration exports, reports, tickets) that demonstrate effective operation of information security and compliance controls for internal and external audits. • Partner with Compliance, Legal, and Information Security leadership to support SOC 2, ISO 27001, and related certification activities, including evidence collection, sample selection, and responses to auditor questions. • Coordinate and contribute to client security and compliance questionnaires, RFPs, and on-site/virtual reviews by providing accurate, timely information on controls, hardening standards, and governance processes. • Help organize and track findings and remediation actions arising from audits, certification reviews, and client / regulatory inquiries, ensuring owners, timelines, and status are clearly documented. • Ensure that day-to-day security and compliance practices align with written policies by reviewing procedures, identifying gaps, and proposing pragmatic updates. • Support the Information Security Manager and Compliance in reviewing, updating, and socializing policies, standards, and procedures, including mapping controls to specific requirements and frameworks. • Assist with access control and entitlement governance, including periodic user access reviews, privileged account checks, and validation of joiner/mover/leaver activities against policy and client expectations. • Help document and refine standard operating procedures (SOPs) for recurring controls (e.g., monitoring, evidence collection, configuration reviews, access reviews), ensuring they are clear, consistent, and audit-ready. • Operate day-to-day security monitoring processes, including review of alerts, logs, and dashboards for suspicious activity, misconfigurations, and policy exceptions, ensuring that events are handled in line with documented procedures. • Conduct initial triage and investigation of security and control-related events; document findings, classify impact and risk, and escalate to the Information Security Manager or other stakeholders as appropriate. • Support ongoing vulnerability, patching, and configuration management efforts by validating remediation status, tracking exceptions against policy and risk tolerance, and helping prioritize issues based on business and client impact. • Work closely with Information Security, Compliance, Legal, Infrastructure/Operations, Engineering, and Client-facing teams to clarify security and compliance requirements and ensure shared understanding of control expectations. • Participate in root-cause analysis and remediation planning for security findings, audit issues, client concerns, and control failures; help ensure corrective actions are risk-appropriate and sustainable. • Identify opportunities to streamline and automate compliance and security processes to improve consistency, coverage, and efficiency. • Contribute to training and awareness efforts by providing practical input on technical control topics for relevant audiences.

• Provide governance and oversight of the organization’s Integrated Management System (IMS) • Monitor conformance of information security and quality management processes to applicable ISO requirements • Maintain management system documentation, including policies, procedures, Statements of Applicability, risk registers, and governance records • Plan, coordinate, and conduct internal ISO and compliance audits • Monitor compliance performance through audits, assessments, and reviews, and report results to leadership • Coordinate recurring risk assessments related to information systems and business processes

• Establish and execute country-level programs that align with Twilio’s short-term and long-term telecom compliance strategy. • Manage weekly compliance operating rhythm for your assigned countries, triaging developments and escalating critical issues to senior management. • Identify potential compliance risks and work cross-functionally to implement mitigation strategies • Own the corporate governance of regional initiatives by maintaining internal policies and procedures that ensure adherence to international telecommunications standards • Partner with Product and Engineering teams to drive innovation in compliance initiatives while identifying potential monetization opportunities. • Collaborate with internal functions to develop training materials and educate employees on evolving regulatory requirements. • Update senior leadership regularly on strategy execution and performance

Role Description The Regulatory and Compliance Lead plays a vital role in ensuring our training content remains accurate, relevant, and aligned with evolving state and federal regulations across the full long-term and post-acute care continuum. This position leads compliance research, interpretation, and alignment efforts across home-based care (home care, home health, hospice), assisted living, memory care, independent living, continuing care retirement communities (CCRCs), and skilled nursing facilities (SNFs)—ensuring our education products meet or exceed state-specific and accrediting body standards. If you’re passionate about supporting quality care and want to help thousands of organizations simplify compliance while elevating training outcomes, this role is for you. Key Responsibilities - Regulatory Research & Compliance Oversight - Monitor, interpret, and summarize federal and state regulations impacting post-acute and long-term care providers across home-based care and senior living settings. - Track updates from regulatory and accrediting agencies (e.g., CMS, state departments of health, state licensing boards, professional accrediting bodies) and synthesize implications for training content and learning paths. - Maintain a compliance roadmap for the post-acute care content portfolio, ensuring all programs remain aligned with current standards and renewal cycles. - Communicate regulatory changes proactively to internal stakeholders to guide timely updates to training content and learning paths, ensuring messaging and implementation remain uniform across care settings. - Vendor & Government Relations - Serve as a liaison between Activated Insights and state agencies, accrediting bodies, and industry associations across the post-acute care continuum. - Manage relationships with regulators and accreditation partners to ensure course approvals and renewals remain current and consistent. - Oversee accreditation renewal processes and vendor management for all compliance and specialty training programs, sharing best practices and documentation standards across the team. - Content Alignment & Market Strategy - Partner with clinical, instructional design, and content management teams to ensure all training content accurately reflects current regulations. - Track expiration dates and versioning within the Activated Insights course library, ensuring compliance and specialty courses are reviewed and updated on schedule, in coordination with shared tracking and reporting processes. - Identify emerging regulatory and industry trends (e.g., infection prevention, staffing mandates, dementia care, emergency preparedness) to inform future content strategy, maintaining cross-vertical awareness to strengthen the organization’s overall regulatory foresight. - Project & Process Management - Maintain clear documentation and audit trails for all compliance initiatives and state-specific updates. - Use project management tools (e.g., ClickUp) to coordinate cross-functional compliance projects and deadlines, sharing workflows and timelines with colleagues to ensure smooth collaboration. - Lead initiatives to ensure consistency and alignment of regulatory updates across all training content, co-developing processes that ensure a unified regulatory approach company-wide. - Curricula Development & Customer Solutions - Develop and maintain a strong familiarity with the content library and how it relates to compliance requirements across states, care settings, and care providers. - Collaborate with the Content Management Team and Compliance & Nursing colleagues to design structured, state-specific curricula. - Ensure all course groupings and curricula meet applicable regulations for administrators, clinicians, and care professionals, mirroring consistency in regulatory interpretation and learner experience across care settings. - Partner with Customer Success and Sales teams to translate complex regulatory requirements into practical, customer-facing training solutions that reflect a cohesive compliance framework. - Contribute to developing accessible and engaging compliance training that supports administrators, clinicians, and care professionals, ensuring consistency and clarity across all verticals. Qualifications - Bachelor’s degree in Healthcare Administration, Regulatory Affairs, Public Policy, or related field. - 3+ years of experience in healthcare compliance, policy analysis, or regulatory affairs—with at least 2 years in post-acute/long-term care. - Experience collaborating with state-level regulatory agencies, accrediting bodies, and industry associations. - Proven track record of managing compliance initiatives and aligning training programs with evolving industry standards. - Strong analytical, organizational, and leadership abilities to drive compliance excellence across departments. Requirements - Regulatory Expertise: Strong understanding of compliance requirements across post-acute and long-term care settings, with the ability to interpret and apply state and federal regulations. - Attention to Detail: Exceptional accuracy in interpreting and tracking complex regulatory updates, as well as in creating and maintaining compliance artifacts (crosswalks, training curricula) that customers and internal teams rely on. - Intellectual Curiosity: Strong interest in regulatory nuance. Takes the initiative to dig deeper when it strengthens our compliance research and artifacts. - Ownership and Accountability: Commitment to producing work that both internal teams and external customers can rely on, with personal accountability for its accuracy and defensibility. - Cross-Functional Collaboration: Proven ability to coordinate with clinical, instructional design, and content management teams. - Project Management: Skilled in managing multiple projects, tracking deadlines, and using PM tools effectively. - Communication: Excellent written and verbal communication skills, with the ability to explain complex regulations clearly. - Strategic Thinking: Ability to connect compliance priorities to business goals and product impact. - Documentation & Data Management: Strong organizational skills for maintaining compliance records and vendor documentation. - Tech Proficiency: Familiarity with Microsoft Office, Learning Management Systems (LMS) platforms, and database applications. Benefits - Fully remote (United States). - Prolonged periods sitting at a desk and working on a computer. - Multiple video meetings each day where webcam use is required. - Full-time, 40 hours per week. - Monday through Friday, core business hours of 8:00 AM to 5:00 PM (with flexibility to meet client needs).