Henry Schein

Henry Schein started out as a Queens, New York-based pharmacy in 1932 and is now a Fortune 500 company specializing in healthcare products and solutions for hea

US Regulatory Affairs Specialist

Location

All locations: North Carolina | Florida | South Carolina | Georgia | New Hampshire | New Jersey | Massachusetts | Connecticut | New York | Maryland | Maine | West Virginia | District Of Columbia | Delaware | Rhode Island | Pennsylvania | Virginia | Vermont

Posted

12 days ago

Salary

$61.8K - $85.0K / year

Seniority

Senior

Bachelor Degree

Job Description

US Regulatory Affairs Specialist

Henry Schein

Locations: Melville - New York | NC Remote, USA | FL Remote, USA | SC Remote, USA | GA Remote, USA | NH Remote, USA | NJ Remote, USA | MA Remote, USA | CT Remote, USA | NY Remote, USA | MD Remote, USA | ME Remote, USA | WV Remote, USA | DC Remote, USA | DE Remote, USA | RI Remote, USA | PA Remote, USA | VA Remote, USA | VT Remote, USA

Full time

JOB OVERVIEW:

Responsible for ensuring company operations remain compliant with all federal, state, and international regulations governing controlled substances and regulated products. This role oversees licensing, reporting, recordkeeping, audits, and internal compliance processes related to DEA and other regulatory agency requirements. The position partners cross-functionally with quality, operations, supply chain, legal, and commercial teams to support compliant business practices while minimizing regulatory risk.

KEY RESPONSIBILITIES:

May perform several of the responsibilities below:

- Research and analyze applicable laws and regulations; develop and implement the necessary policies and procedures to ensure the Company’s ongoing compliance with Federal, State and local requirements.
- Implement systems and processes needed to ensure compliance with the receipt, storage and distribution of controlled substances, list 1 chemicals and other regulated products; as well as tracking distribution of prescription drugs and medical devices.
- Conduct periodic audits on facilities and customer site visits to assess levels of compliance and risk.
- Monitor compliance with DOT requirements for the classification, storage and distribution of Hazardous Materials; as well as the activities to comply with environmental laws, including the registration and disposal of pesticides and other types of chemical products.
- Coordinate the implementation of systems and procedures to ensure compliance with OSHA regulations.
- Support Distribution Center management and designated staff on the actions necessary to maintain regulatory compliance.
- Provide support during government inspections and in formulating the appropriate response and corrective actions.
- Provide guidance to the company and subsidiaries to perform actions in order to maintain regulatory compliance for various facilities.
- Provide support to Corporate Brand Development Group and other Business Units researching issues pertaining to regulatory matters.
- Secure and maintain proper company licensure and product registration as needed to support HSI Operations and Business Units.
- Provide support in coordinating and conducting routine Regulatory audits of Henry Schein facilities, affiliates and subsidiaries.
- Develop appropriate awareness and training programs for TSMs consistent with regulatory compliance policies and procedures.
- Conduct routine Regulatory audits of Henry Schein facilities, affiliates and subsidiaries.
- Participate in special projects and perform other duties as required.

SPECIFIC KNOWLEDGE & SKILLS:

- Understanding of regulations applicable to HS operations.

GENERAL SKILLS & COMPETENCIES:

- General proficiency with tools, systems, and procedures
- Basic planning/organizational skills and techniques
- Basic analysis and problem-solving skills
- Basic verbal and written communication skills

MINIMUM WORK EXPERIENCE:

Typically 1 to 3 years of related professional experience.

PREFERRED EDUCATION:

Typically, a Bachelor's Degree or global equivalent in related discipline.

TRAVEL / PHYSICAL DEMANDS:

Travel typically less than 10%. Office environment. No special physical demands required.

The posted range for this position is $61,812-$84,992, which is the expected starting base salary range for an employee who is new to the role to fully proficient in the role. Many factors go into determining employee pay within the posted range including prior experience, current skills, location/labor market, internal equity, etc. This position is eligible for a bonus not reflected in the posted range.

Other benefits available include: Medical, Dental and Vision Coverage, 401K Plan with Company Match, PTO, Paid Parental Leave, Income Protection, Work Life Assistance Program, Flexible Spending Accounts, Educational Benefits, Worldwide Scholarship Program and Volunteer Opportunities.

More Compliance Jobs

Full Time | Remote | Team 501-1,000 | Since 2004 | H1B No Sponsor

• Serve as the primary compliance liaison for Care Management and Utilization Management operations, providing strategic guidance and oversight to ensure adherence to applicable regulatory and accreditation requirements
• Interpret, assess, and operationalize regulatory standards, including CMS Medicare Advantage and Managed Care requirements, NCQA and URAC accreditation standards, Utilization Review and Utilization Management regulations, and 42 CFR Part 2 requirements, as applicable
• Oversee and support the organization’s multi-state Utilization Management licensing program by tracking licensing requirements across applicable jurisdictions, coordinating license applications and renewals, maintaining supporting documentation, and partnering with operational leaders to ensure ongoing compliance with licensing conditions and regulatory obligations
• Provide compliance guidance and subject matter expertise related to clinical workflows, operational processes, policy development, and system implementations impacting Care operations
• Support the full lifecycle management of Care-related policies, standard operating procedures, and associated documentation
• Monitor regulatory developments and emerging compliance requirements, evaluate operational impact, and communicate relevant updates and recommendations to key stakeholders
• Participate in high-risk initiatives, operational enhancements, and product or process changes to ensure compliance considerations are appropriately addressed
• Support organizational readiness for audits, regulatory reviews, and accreditation activities, including NCQA and URAC surveys
• Assist with incident response activities involving Care operations, including privacy-related inquiries, compliance investigations, and regulatory escalations
• Collaborate with Corporate Compliance and cross-functional teams on issue intake, triage, tracking, remediation, and resolution efforts
• Provide education, training, and ongoing guidance to internal stakeholders regarding applicable regulatory and compliance requirements
• Maintain accurate and organized documentation to support compliance activities, regulatory inquiries, audits, and accreditation requirements

United States
Full Time | Remote | Team 501-1,000 | Since 2004 | H1B No Sponsor

• Serve as the primary compliance liaison for Payment Integrity and Payment Operations, providing strategic guidance on regulatory and operational compliance matters.
• Interpret, analyze, and operationalize applicable regulatory requirements, including the No Surprises Act (NSA), Fraud, Waste & Abuse (FWA) laws, CMS requirements, and state Department of Insurance (DOI) regulations impacting payment and billing practices.
• Provide compliance oversight and guidance related to payment workflows, reimbursement methodologies, claims administration processes, and product development initiatives.
• Partner cross-functionally with operational leaders to identify, assess, and mitigate financial and regulatory compliance risks associated with payment and claims functions.
• Monitor and evaluate emerging regulatory developments, enforcement trends, and industry guidance to determine operational impact and support implementation of required changes.
• Support the development, review, implementation, and maintenance of financial and payment-related policies, procedures, and standard operating procedures (SOPs).
• Participate in high-risk initiatives, system implementations, process enhancements, and product changes to ensure compliance considerations are appropriately addressed.
• Assist with incident response activities involving payment disputes, FWA-related escalations, regulatory inquiries, and other compliance-related matters.
• Support internal audits, external audits, client audits, and regulatory examinations by coordinating documentation, responding to inquiries, and ensuring audit readiness.
• Collaborate with Corporate Compliance and cross-functional stakeholders on issue intake, triage, investigation support, tracking, corrective action planning, and resolution activities.
• Develop and deliver training, education, and compliance guidance to internal stakeholders regarding applicable regulatory requirements, policies, and operational expectations.
• Maintain accurate and organized documentation supporting compliance oversight activities, monitoring efforts, investigations, and audit preparedness.

United States
$1.5K / month

Compliance & Governance Specialist

Harris Computer Systems

Based in Ottawa, Ontario, Canada, Harris Computer Systems provides mission-critical software solutions for organizations across the United States and Canada, in

Compliance | 13 days ago

Role Description

Cayenta, a division of Harris, is seeking a Security Governance & Compliance Specialist who will join the team to lead the design, implementation, and ongoing oversight of the organization's compliance frameworks. This includes providing security controls across our product and cloud environments. Your work will reduce customer risk, improve audit outcomes, and strengthen resilience through measurable, automated governance. This is a senior individual contributor role with broad influence across all teams, including Legal.

In this role, you will be responsible for identifying, assessing, and supporting the management of information security risks across the organization. Reporting to the Director of Cloud, Security & Compliance, this role contributes to Cayenta’s security posture by implementing security and IA governance frameworks.

This remote role welcomes candidates anywhere in Canada. Preference will be given to candidates who can work in PST timezone.

Salary: 95K - 100K

What your impact will be:

- Primary Focus
  - Own and manage the organization's security compliance programs, including SOC 2 Type II, ISO 27001, ISO 42001, and other relevant frameworks.
  - Own audit readiness end-to-end: gap assessments, control mapping, auditor coordination, walkthroughs, and remediation follow-up.
  - Turn framework requirements into clear, actionable, and lightweight controls that teams can operate without slowing delivery.
  - Drive evidence collection automation in partnership with Engineering; the goal is evidence-by-default.
  - Maintain scope, context, governance artifacts, and Statement of Applicability.
  - Run internal audits, manage CAPAs, and sustain certification readiness.
  - Evaluate control design and operating effectiveness; identify gaps and drive actionable remediation.
  - Maintain the AIMS: AI use-case inventory, impact assessments, and human oversight controls.
  - Collaborate with AI-Ops on model documentation (model cards), bias/fairness testing, explainability, drift monitoring, and adversarial robustness controls.
  - Produce compliance dashboards and KPI reporting for leadership and customers.
  - Evaluate control design and operating effectiveness against internal policies/standards and external frameworks; identify control gaps and actionable recommendations.
  - Operationalize and sustain the ISMS (ISO/IEC 27001) and AIMS (ISO/IEC 42001), including scope, context, governance, and required.
- Risk & Vendor Management
  - Lead third-party/vendor risk management: due diligence, review of security documentation, contract/control requirements, and tracking vendor remediation and data-protection alignment.
  - Evaluate residual risk and support risk acceptance decisions with documented rationale.
- Cross-Functional Enablement
  - Collaborate with the AI-Ops team in building and maintaining AI-Governance.
  - Manage the responsible AI policy lifecycle alongside the AI Ops team.
  - Collaborate with the AI-Ops team in implementing AI risk/model governance controls aligned to ISO/IEC.
  - Work with Engineering in automating the collection of evidence and control testing, internal audits, managing CAPAs, and maintaining continuous audit readiness.
  - Partner with Engineering, Product, and Legal to bake controls into the SDLC.
  - Translate framework requirements into plain-language controls that engineers can operate without slowing delivery.
  - Collaborate with the Security team in identifying, evaluating, and acting on vulnerabilities reported by our monitoring systems and/or external channels.
  - Work closely with the Security team in the coordination and execution of the different frameworks.
- Reporting and CPI
  - Produce compliance reporting and dashboards. Define and track security & compliance KPIs, lead management reviews to ensure a healthy compliance posture to stakeholders.
  - Drive continuous improvement of risk and control maturity based on trends, audit results, and business impact.

Qualifications

- 5+ years in information security compliance, risk management, or audit, with hands-on SOC 2 Type II experience as the primary requirement.
- Deep working knowledge of SOC 2 Trust Services Criteria and practical audit mechanics.
- Experience operationalizing ISO 2700, maintaining an ISMS, managing CAPAs, and sustaining certification.
- Ability to assess control design and operating effectiveness, identify gaps, and drive remediation without authority over the teams implementing fixes.
- Strong written communication. You will produce risk registers, control documentation, dashboards, and audit artifacts that engineering and legal teams rely on.
- Comfort working in a cloud-native environment (Azure) and understanding how infrastructure decisions affect control coverage.

What would make you stand out:

- Experience with ISO 42001 or AI/ML governance frameworks, model risk management, responsible AI policy, or AI impact assessments.
- Background in regulated industries: utilities, municipalities, government.
- Familiarity with evidence collection automation.
- CISSP, CISA, CRISC, ISO 27001 Lead Auditor/Implementer, or equivalent certification.

Benefits

- 3 weeks’ vacation and 5 personal days
- Comprehensive Medical, Dental, and Vision benefits starting from your first day of employment
- Employee stock ownership and RRSP/401k matching programs
- Lifestyle rewards
- Remote work and more!

Canada
C$95K - C$100K / year

Compliance Manager

Figma

Figma was founded in 2012 to build a collaborative, professional-grade interface design tool for the digital age. Created specifically for interface design and

Compliance | 13 days ago

Role Description

Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us!

Figma's GRC team helps build and maintain trust with our users, regulators, business partners, and the organizations that rely on Figma every day. We partner across the company to strengthen security, manage risk, maintain compliance, and scale the programs that support our continued growth.

We're growing our team and looking for security, risk, and compliance professionals across several disciplines. Whether your expertise is in compliance, risk management, governance, GRC tooling, or customer trust, you'll have the opportunity to build programs, improve processes, and help shape how Figma scales security and trust.

Roles we hire for on this team:

- Compliance Management
  - Lead compliance and certification programs across security and regulatory frameworks
  - Manage audit cycles, partner with external assessors, and drive audit readiness initiatives
  - Improve controls, processes, and evidence management practices across the organization
- Security Risk Management
  - Build and maintain risk and controls frameworks that support Figma's security posture
  - Assess, prioritize, and communicate security risks across the business
  - Develop third-party risk management strategies and enterprise risk reporting programs
- Policy & Governance
  - Manage the lifecycle of organizational security policies, standards, and procedures
  - Drive policy awareness and stakeholder engagement across the company
  - Ensure governance practices align with regulatory requirements and business objectives
- GRC Platforms & Enablement
  - Select, implement, and optimize GRC platforms and supporting workflows
  - Scale evidence collection, reporting, and program management capabilities
  - Identify opportunities to automate and streamline GRC operations
- Customer Trust
  - Support customer trust and business enablement activities across the sales lifecycle
  - Manage security knowledge bases, customer-facing documentation, and trust publications
  - Respond to customer security inquiries, audits, and questionnaires

This is a full time role that can be held from one of our US hubs or remotely in the United States.

What you'll do at Figma:

- Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2
- Manage external audits and certification activities while partnering with auditors and assessors
- Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications
- Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders
- Improve control effectiveness and operational efficiency through rationalization and process optimization
- Implement and optimize GRC platforms that scale evidence collection and program management
- Maintain security policies and governance processes that align with organizational risk objectives
- Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications

Qualifications

- 4+ years of experience in information security, compliance, risk management, or a related field
- Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC
- Experience leading or supporting audits and partnering with external assessors
- Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives
- Exceptional written and verbal communication skills across technical, business, and executive audiences
- Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships

Requirements

While it’s not required, it’s an added plus if you also have:

- Operated in a public company environment with SOX ITGC requirements
- Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities
- Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC
- Implemented or administered GRC platforms such as Vanta, Drata, or similar tools
- Scaled security, compliance, or risk programs in a high-growth environment

Benefits

Figma offers equity to employees, as well as a competitive package of additional benefits, including:

- Health, dental & vision
- Retirement with company contribution
- Parental leave & reproductive or family planning support
- Mental health & wellness benefits
- Generous PTO
- Company recharge days
- Learning & development stipend
- Work from home stipend
- Cell phone reimbursement
- Sales incentive pay for most sales roles
- Annual bonus plan for eligible non-sales roles

United States
$153K - $296K / year