• Evaluate organizational policies and standards, ensuring that external and internal compliance requirements are met. • Develop improvements to the compliance program, including the use of AI, automation, and process optimization. • Review security-relevant language in customer contracts (MSAs, DPAs, BAAs) and RFP/RFI security sections, providing recommendations to Legal and the broader GRC team. • Respond to customer security questionnaires using AI-assisted tools and trust content, exercising professional judgment to ensure responses are accurate and complete. • Work with external auditors and customers as necessary, providing them with required information and assistance. • Maintain and update trust center content and customer-facing security documentation. • Perform vendor security risk assessments and contribute to the third-party risk management program. • Assist in policy documentation upkeep and development, ensuring clarity and applicability. • Monitor and assist with the internal training programs on compliance requirements and best practices. • Ensure Bamboo Health’s security operations remain aligned with both internal and external compliance requirements, contributing to ongoing internal and external audit reviews. • Effectively communicate Bamboo Health’s compliance posture to both internal and external stakeholders, offering tangible proof of adherence to policy requirements. • Partner with the larger Information Security team to identify areas for continuous improvement within the compliance framework. • Stay curious about emerging AI tools and how they can streamline or enhance work within your function.

Role Description - Design LLM prompts and evaluate model outputs for compliance and legal operations. - Develop and refine Rubric style tasks to ensure accuracy and compliance in outputs. - Collaborate with regulatory and audit specialists to enhance model performance. - Provide structured feedback to improve AI model training and evaluation processes. - Work independently and asynchronously to meet project deadlines. - Ensure compliance with legal standards and regulations in all outputs. Qualifications - Experience in compliance, legal operations, and regulatory audits. - Confidence in designing LLM prompts and evaluating model outputs. Company Description Mercor connects elite creative and technical talent with leading AI research labs. Headquartered in San Francisco, our investors include Benchmark, General Catalyst, Peter Thiel, Adam D'Angelo, Larry Summers, and Jack Dorsey.

• Assist Travel + Leisure Information Technology (IT) Governance, Risk, & Compliance organization • Comply with T+L’s governing IT Security Policy & Standards • Support Services: Policy Violation Support, Vulnerability Support, Legal Support, Security Awareness, eGRC Support, Advisory Services • Policy Governance: Policies, standards, guidelines, and exception processing • Compliance Monitoring: PCI, SOX, GDPR, HIPAA, CCPA • Internal Compliance Reviews: Vendor, solution, 3rd party risk, M&A reviews • Travel Requirements: 5% for onsite reviews and conferences

• Develop, implement, and oversee the compliance program in accordance with the elements described by the Department of Justice and HHS Office of the Inspector General and the results of the annual compliance risk assessment • Hire, lead, and manage Compliance team and Privacy team staff • Manage suite of company policies and procedures, and oversee drafting, revising, deploying and training on policies and procedures in concert with relevant business units • Develop, implement and drive annual internal compliance risk assessment, annual work plan, and audit and monitoring plan • Work directly with MRO’s health system clients to communicate MRO compliance program elements, assist in understanding federal and state privacy laws and anticipated regulatory and legislative changes • Oversee and track required compliance trainings • Develop and report key compliance metrics across all business lines • Develop and manage appropriate governance structures for compliance, including running regular meetings of management compliance committee and presenting and reporting to the board of directors’ Compliance, Information Security, and Public Policy Committee • Work closely with (i) Legal team to ensure common understanding of applicable laws, and (ii) Government Affairs team to anticipate changes in laws that affect the company’s business and compliance program • Present compliance and health information management topics to industry groups and at MRO client summits • Creatively leverage the company’s technology resources to implement the above objectives • Other tasks and responsibilities as assigned by the CEO, CLO, or Board of Directors from time-to-time incident to the above