Job Description
Own our controls across SOC 2 Type II, ISO 27001, and HIPAA; keep live evidence green in Delve and ensure continuous audit readiness.
Run the identity and access lifecycle (SSO/SCIM/JIT/RBAC) across the IdP, AWS/GCP/Azure, and critical SaaS; drive least-privilege access and quarterly access reviews.
Triage and drive security engineering work with Engineering leads; manage the backlog, SLAs, and closure in Linear/Jira.
Prepare for and host audits (SOC 2/ISO/HIPAA): policies, risk register, vendor risk, BAAs/DPAs, corrective actions.
Handle customer trust work: security reviews, RFPs, and technical diligence; clearly explain PHI flows and safeguards in an EHR-integrated environment.
Coordinate monitoring runbooks for CSPM, endpoint, CI/CD, and data access; lead weekly control-health reviews.
Champion “security-by-default” in AI pipelines: dataset governance, PHI handling, model access, environment segregation.
About Sully.ai
Sully.ai is building the future of AI healthcare employees—scribes, coders, assistants—that help clinicians work faster and safer, integrated with leading EHRs.