US Regulatory Affairs Specialist Locations - Melville - New York - NC Remote, USA - FL Remote, USA - SC Remote, USA - GA Remote, USA - NH Remote, USA - NJ Remote, USA - MA Remote, USA - CT Remote, USA - NY Remote, USA - MD Remote, USA - ME Remote, USA - WV Remote, USA - DC Remote, USA - DE Remote, USA - RI Remote, USA - PA Remote, USA - VA Remote, USA - VT Remote, USA Full time JOB OVERVIEW: Responsible for ensuring company operations remain compliant with all federal, state, and international regulations governing controlled substances and regulated products. This role oversees licensing, reporting, recordkeeping, audits, and internal compliance processes related to DEA and other regulatory agency requirements. The position partners cross-functionally with quality, operations, supply chain, legal, and commercial teams to support compliant business practices while minimizing regulatory risk. KEY RESPONSIBILITIES: May perform several of the responsibilities below: - Research and analyze applicable laws and regulations; develop and implement the necessary policies and procedures to ensure the Company’s ongoing compliance with Federal, State and local requirements. - Implement systems and processes needed to ensure compliance with the receipt, storage and distribution of controlled substances, list 1 chemicals and other regulated products; as well as tracking distribution of prescription drugs and medical devices. - Conduct periodic audits on facilities and customer site visits to assess levels of compliance and risk. - Monitor compliance with DOT requirements for the classification, storage and distribution of Hazardous Materials; as well as the activities to comply with environmental laws, including the registration and disposal of pesticides and other type of type of chemical products. - Coordinate the implementation of systems and procedures to ensure compliance with OSHA regulations. - Support Distribution Center management and designated staff on the actions necessary to maintain regulatory compliance. - Provide support during government inspections and formulating the appropriate response and corrective actions. - Provide guidance to the company and subsidiaries to perform actions in order to maintain regulatory compliance for various facilities. - Provide support to Corporate Brand Development Group and other Business Units researching issues pertaining to regulatory matters.Secure and maintain proper company licensure and product registration as needed to supports HSI Operations and Business Units. - Provide support in the coordination and conducting routine Regulatory audits of Henry Schein facilities, affiliates and subsidiaries. - Develop appropriate awareness and training programs for TSMs consistent with regulatory compliance policies and procedures. - Conduct routine Regulatory audits of Henry Schein facilities, affiliates and subsidiaries. - Participate in special projects and performs other duties as required. SPECIFIC KNOWLEDGE & SKILLS: - Understanding of regulations applicable to HS operations. GENERAL SKILLS & COMPETENCIES: - General proficiency with tools, systems, and procedures - Basic planning/organizational skills and techniques - Basic analysis and problem-solving skills - Basic verbal and written communication skills MINIMUM WORK EXPERIENCE: Typically 1 to 3 years of related professional experience. PREFERRED EDUCATION: Typically, a Bachelor's Degree or global equivalent in related discipline. TRAVEL / PHYSICAL DEMANDS: Travel typically less than 10%. Office environment. No special physical demands required. The posted range for this position is $61,812-$84,992, which is the expected starting base salary range for an employee who is new to the role to fully proficient in the role. Many factors go into determining employee pay within the posted range including prior experience, current skills, location/labor market, internal equity, etc. This position is eligible for a bonus not reflected in the posted range. Other benefits available include: Medical, Dental and Vision Coverage, 401K Plan with Company Match, PTO, Paid Parental Leave, Income Protection, Work Life Assistance Program, Flexible Spending Accounts, Educational Benefits, Worldwide Scholarship Program and Volunteer Opportunities.

• Serve as the primary compliance liaison for Care Management and Utilization Management operations, providing strategic guidance and oversight to ensure adherence to applicable regulatory and accreditation requirements • Interpret, assess, and operationalize regulatory standards, including CMS Medicare Advantage and Managed Care requirements, NCQA and URAC accreditation standards, Utilization Review and Utilization Management regulations, and 42 CFR Part 2 requirements, as applicable • Oversee and support the organization’s multi-state Utilization Management licensing program by tracking licensing requirements across applicable jurisdictions, coordinating license applications and renewals, maintaining supporting documentation, and partnering with operational leaders to ensure ongoing compliance with licensing conditions and regulatory obligations • Provide compliance guidance and subject matter expertise related to clinical workflows, operational processes, policy development, and system implementations impacting Care operations • Support the full lifecycle management of Care-related policies, standard operating procedures, and associated documentation • Monitor regulatory developments and emerging compliance requirements, evaluate operational impact, and communicate relevant updates and recommendations to key stakeholders • Participate in high-risk initiatives, operational enhancements, and product or process changes to ensure compliance considerations are appropriately addressed • Support organizational readiness for audits, regulatory reviews, and accreditation activities, including NCQA and URAC surveys • Assist with incident response activities involving Care operations, including privacy-related inquiries, compliance investigations, and regulatory escalations • Collaborate with Corporate Compliance and cross-functional teams on issue intake, triage, tracking, remediation, and resolution efforts • Provide education, training, and ongoing guidance to internal stakeholders regarding applicable regulatory and compliance requirements • Maintain accurate and organized documentation to support compliance activities, regulatory inquiries, audits, and accreditation requirements

• Serve as the primary compliance liaison for Payment Integrity and Payment Operations, providing strategic guidance on regulatory and operational compliance matters. • Interpret, analyze, and operationalize applicable regulatory requirements, including the No Surprises Act (NSA), Fraud, Waste & Abuse (FWA) laws, CMS requirements, and state Department of Insurance (DOI) regulations impacting payment and billing practices. • Provide compliance oversight and guidance related to payment workflows, reimbursement methodologies, claims administration processes, and product development initiatives. • Partner cross-functionally with operational leaders to identify, assess, and mitigate financial and regulatory compliance risks associated with payment and claims functions. • Monitor and evaluate emerging regulatory developments, enforcement trends, and industry guidance to determine operational impact and support implementation of required changes. • Support the development, review, implementation, and maintenance of financial and payment-related policies, procedures, and standard operating procedures (SOPs). • Participate in high-risk initiatives, system implementations, process enhancements, and product changes to ensure compliance considerations are appropriately addressed. • Assist with incident response activities involving payment disputes, FWA-related escalations, regulatory inquiries, and other compliance-related matters. • Support internal audits, external audits, client audits, and regulatory examinations by coordinating documentation, responding to inquiries, and ensuring audit readiness. • Collaborate with Corporate Compliance and cross-functional stakeholders on issue intake, triage, investigation support, tracking, corrective action planning, and resolution activities. • Develop and deliver training, education, and compliance guidance to internal stakeholders regarding applicable regulatory requirements, policies, and operational expectations. • Maintain accurate and organized documentation supporting compliance oversight activities, monitoring efforts, investigations, and audit preparedness.

Role Description Cayenta, a division of Harris, is seeking a Security Governance & Compliance Specialist who will join the team to lead the design, implementation, and ongoing oversight of the organization's compliance frameworks. This includes providing security controls across our product and cloud environments. Your work will reduce customer risk, improve audit outcomes, and strengthen resilience through measurable, automated governance. This is a senior individual contributor role with broad influence across all teams, including Legal. In this role, you will be responsible for identifying, assessing, and supporting the management of information security risks across the organization. Reporting to the Director of Cloud, Security & Compliance, this role contributes to Cayenta’s security posture by implementing security and IA governance frameworks. This remote role welcomes candidates anywhere in Canada. Preference will be given to candidates who can work in PST timezone. Salary: 95K - 100K What your impact will be: - Primary Focus - Own and manage the organization's security compliance programs, including SOC 2 Type II, ISO 27001, ISO 42001, and other relevant frameworks. - Own audit readiness end-to-end: gap assessments, control mapping, auditor coordination, walkthroughs, and remediation follow-up. - Turn framework requirements into clear, actionable, and lightweight controls that teams can operate without slowing delivery. - Drive evidence collection automation in partnership with Engineering; the goal is evidence-by-default. - Maintain scope, context, governance artifacts, and Statement of Applicability. - Run internal audits, manage CAPAs, and sustain certification readiness. - Evaluate control design and operating effectiveness; identify gaps and drive actionable remediation. - Maintain the AIMS: AI use-case inventory, impact assessments, and human oversight controls. - Collaborate with AI-Ops on model documentation (model cards), bias/fairness testing, explainability, drift monitoring, and adversarial robustness controls. - Produce compliance dashboards and KPI reporting for leadership and customers. - Evaluate control design and operating effectiveness against internal policies/standards and external frameworks; identify control gaps and actionable recommendations. - Operationalize and sustain the ISMS (ISO/IEC 27001) and AIMS (ISO/IEC 42001), including scope, context, governance, and required. - Risk & Vendor Management - Lead third-party/vendor risk management: due diligence, review of security documentation, contract/control requirements, and tracking vendor remediation and data-protection alignment. - Evaluate residual risk and support risk acceptance decisions with documented rationale. - Cross-Functional Enablement - Collaborate with the AI-Ops team in building and maintaining AI-Governance. - Manage the responsible AI policy lifecycle alongside the AI Ops team. - Collaborate with the AI-Ops team in implementing AI risk/model governance controls aligned to ISO/IEC. - Work with Engineering in automating the collection of evidence and control testing, internal audits, managing CAPAs, and maintaining continuous audit readiness. - Partner with Engineering, Product, and Legal to bake in controls into the SDLC. - Translate framework requirements into plain-language controls that engineers can operate without slowing delivery. - Collaborate with the Security team in identifying, evaluating, and acting on vulnerabilities reported by our monitoring systems and/or external channels. - Work closely with the Security team in the coordination and execution of the different frameworks. - Reporting and CPI - Produce compliance reporting and dashboards. Define and track security & compliance KPIs, lead management reviews to ensure a healthy compliance posture to stakeholders. - Drive continuous improvement of risk and control maturity based on trends, audit results, and business impact. Qualifications - 5+ years in information security compliance, risk management, or audit, with hands-on SOC 2 Type II experience as the primary requirement. - Deep working knowledge of SOC 2 Trust Services Criteria and practical audit mechanics. - Experience operationalizing ISO 2700, maintaining an ISMS, managing CAPAs, and sustaining certification. - Ability to assess control design and operating effectiveness, identify gaps, and drive remediation without authority over the teams implementing fixes. - Strong written communication. You will produce risk registers, control documentation, dashboards, and audit artifacts that engineering and legal teams rely on. - Comfort working in a cloud-native environment (Azure) and understanding how infrastructure decisions affect control coverage. What would make you stand out: - Experience with ISO 42001 or AI/ML governance frameworks, model risk management, responsible AI policy, or AI impact assessments. - Background in regulated industries: utilities, municipalities, government. - Familiarity with evidence collection automation. - CISSP, CISA, CRISC, ISO 27001 Lead Auditor/Implementer, or equivalent certification. Benefits - 3 weeks’ vacation and 5 personal days - Comprehensive Medical, Dental, and Vision benefits starting from your first day of employment - Employee stock ownership and RRSP/401k matching programs - Lifestyle rewards - Remote work and more!