Senior Manager, Infosec, IT & Compliance
Ready to make a real impact on global health and wellness care?
Practice Better is an all-in-one platform helping health and wellness practitioners run their businesses, care for their clients, and scale their impact. Founded by practitioners in 2016, we’re now the leading EHR and practice management platform in the wellness industry, trusted by tens of thousands of practitioners across 70+ countries.
In 2023, we expanded our whole-practice care offering through the acquisition of That Clean Life, bringing nutrition planning into our platform.
We’re a remote-first team headquartered in Toronto, made up of curious, driven, and empathetic people building tools that help practitioners create sustainable, independent practices; and do the most meaningful work of their careers. While most of our work happens remotely, we come together regularly for off-sites and team events to stay connected and build together.
Important notice to our applicants and job seekers:
We've become aware of fraudulent messages impersonating Practice Better's recruitment team.
Please note:
- Practice Better will never ask for payment, banking details, or personal financial information at any stage of the hiring process
- All official communication comes from @practicebetter.io email addresses
- We will never ask you to purchase equipment, software, or gift cards
- We will never conduct interviews solely via text message or WhatsApp
If something feels off, trust your instincts. Verify any suspicious outreach by contacting us directly at careers@practicebetter.io before taking any action.
Thank you for helping us keep our hiring process safe and transparent.
Position Summary
We are looking for a Senior Manager, Information Security, IT, and Compliance to join our growing team.
As a Business Associate to thousands of healthcare practitioners globally, Practice Better operates in a complex regulatory environment spanning HIPAA, GDPR/UK GDPR, PIPEDA, Quebec Law 25, PHIPA, and emerging US state privacy laws. We take our role as a trusted steward of protected health information (PHI) and personal data seriously — and we need someone to manage that responsibility with rigor, sound judgment, and operational excellence, reporting directly to our VP of Engineering.
In this role, you'll manage three interconnected pillars: Information Security, IT Operations, and Compliance. You'll drive day-to-day execution of our compliance program - supporting vendor BAA/DPA negotiations and the implementation of multi-jurisdictional privacy frameworks, maturing our security posture and closing regulatory gaps. You'll also manage IT operations, including user provisioning/deprovisioning, device management, SaaS vendor rationalization, and identity & access management. You'll partner closely with Engineering, Product, Legal, and Customer Success to embed privacy-by-design principles into our product roadmap, drive operational security improvements, and ensure we stay ahead of evolving compliance requirements as we scale.
The ideal candidate brings strong working knowledge of healthcare compliance (HIPAA/HITECH), European data protection (GDPR), and SaaS security frameworks (SOC 2, ISO 27001), combined with hands-on experience managing IT operations in a remote-first, high-growth environment. You're energized by strengthening compliance and IT programs from mid-stage to maturity, translating complex regulatory requirements into practical engineering workflows, and navigating ambiguous privacy and security decisions with good judgment. You understand that compliance is not a checkbox exercise — it's a business enabler that protects our customers, and earns their trust.
Note: Practice Better is a remote-first company with team members across North America. This particular role is currently open to Canadian-based candidates only, and candidates must be legally entitled to work for any employer in Canada. Practice Better is unable to support sponsorship for work permits or visas at this time.
What You’ll Be Doing
Information Security & Compliance
- Manage multi-jurisdictional compliance execution - Support implementation of HIPAA/HITECH, GDPR/UK GDPR, PIPEDA, Quebec Law 25, PHIPA, and emerging privacy laws and coordinate with legal counsel on complex regulatory matters.
- Drive vendor risk management and BAA/DPA lifecycle - Negotiate and finalize Business Associate Agreements and Data Processing Agreements with subprocessors, ensuring breach notification timelines meet calendar-day standards, data deletion commitments are defined, and subprocessor transparency obligations are satisfied.
- Mature security posture and operational resilience - Partner with Engineering to implement security controls that support SOC 2 Type II and ISO 27001 readiness, lead incident response planning and breach notification workflows, and establish monitoring/alerting.
- Embed privacy-by-design across product and engineering - Collaborate with Product and Engineering leadership to assess PHI exposure in new features, define data minimization strategies, and guide architecture decisions that reduce compliance risk.
IT Operations & Infrastructure
- Lead IT operations and service delivery - Own user onboarding / offboarding workflows, device provisioning and management, and IT service delivery for a remote-first team, partnering with HR on seamless employee lifecycle management.
- Drive Identity & Access Management (IAM) strategy - Own identity provider configuration and access control policies, implementing least-privilege access principles, periodic access reviews, and role-based access control (RBAC) frameworks.
- Manage endpoint security and device management - Define and enforce endpoint security standards (MDM, disk encryption, antivirus, patching). Establish laptop procurement standards and remote device management policies. Coordinate with Engineering on developer tooling and access requirements.
- Own SaaS vendor rationalization and procurement hygiene - Conduct regular vendor intelligence audits to identify tool overlaps, license waste and procurement gaps. Partner with Finance on SaaS spend optimization.
Leadership & Cross-Functional Partnership
- Strengthen the InfoSec, IT & Compliance function
- Develop and refine processes, tooling, and documentation to support organizational growth.
- Manage and mentor the IT Operations team.
- Partner with third-party compliance advisors to accelerate maturity.
- Act as the bridge between Legal, Engineering, IT, and the business — Translate complex legal language into actionable engineering requirements. Partner with Customer Success on practitioner-facing compliance communications. Coordinate cross-functional responses to regulatory inquiries, audits, and customer due diligence requests.
What You Bring
- 6+ years of relevant experience in information security, IT operations, privacy, and compliance roles, with at least 2+ years in healthcare SaaS or regulated industry
- Deep expertise in HIPAA/HITECH compliance, including Business Associate obligations, breach notification requirements, and Covered Entity vs. Business Associate determination frameworks
- Strong working knowledge of GDPR/UK GDPR and cross-border data transfer mechanisms
- Proven ability to negotiate and finalize vendor BAAs and DPAs, with a strong understanding of must-have vs. nice-to-have contractual terms
- Experience implementing security frameworks (SOC 2, ISO 27001, or equivalent) and managing third-party audits or certifications
- Hands-on experience leading IT operations for remote-first organizations, including identity & access management, device provisioning, and SaaS vendor management
- Prior experience building or scaling InfoSec, IT, and compliance functions from scratch in high-growth SaaS companies
- Technical grounding in SaaS architecture, APIs, data flows, infrastructure (cloud environments like AWS), and identity providers (Google Workspace, Okta, Microsoft 365)
- Exceptional communication skills - you can translate legal jargon into plain language for practitioners, write concise vendor negotiation emails, and present compliance strategies to executive leadership with clarity and confidence
- Bias for action and pragmatic risk management - you know when to escalate to legal counsel and when to make judgment calls independently
- Comfortable operating in a fast-moving, high-growth environment where priorities shift and ambiguity is the norm
Organizational context - The role would manage both the security/compliance function AND day-to-day IT operations, reporting directly to the VP of Engineering
Bonus Points
- Professional certifications (CIPP/US, CIPP/E, CIPM, CISSP, CISM, or equivalent)
- Experience with Canadian provincial privacy laws (PIPEDA, Quebec Law 25, PHIPA) and emerging US state privacy frameworks
- Hands-on experience with compliance automation tooling (Vanta, Drata, Secureframe, etc.) and IT service management platforms
- Background in fraud prevention, identity verification workflows
Compensation & Pay Transparency
At Practice Better, we believe in pay transparency, equity, and fairness. We benchmark compensation against similar-stage, high-growth SaaS companies in both Canada and the United States and review our salary bands regularly to ensure they remain competitive and aligned with market trends.
Each role has a defined pay range based on its level, scope, and geographic location. Final offers are determined by several factors, including experience, demonstrated skills, and location, to ensure consistency and equity across our team.
Anticipated Base Salary Range (Canada): $165,000 – $180,000/yr CAD
We take a holistic approach to compensation, combining salary, benefits, and flexibility. Our goal is to provide total rewards that support both your professional growth and personal well-being.
The range above reflects our expected compensation for this role, based on current market data. Final offers may vary depending on factors such as location, skills, depth of experience, and relevant certifications. All compensation ranges are reviewed regularly and may evolve over time to reflect changes in the market.
What We Offer
Comprehensive Benefits
We offer a robust benefits package for full-time, permanent employees, including health, dental, and vision coverage from day 1, as well as RRSP matching, generous paid parental leave, and annual learning stipends.
Remote-First, Connected Culture
Our remote-first model gives you autonomy and flexibility, with optional access to our downtown Toronto office for in-person collaboration. We also host regular off-sites and team gatherings across North America, because connection, creativity, and shared moments matter.
Wellness and Growth
- Unlimited vacation, built on trust, clear expectations, and real support for taking time off
- Company RRSP program with employer-matched contributions
- Comprehensive health and dental benefits from day 1
- $750 annual Health & Wellness Allowance
- $1,000 annual Learning & Development Allowance to support your growth
- $500 annual Home Office Allowance to set up a productive remote workspace
- Sprout Family: personalized support for family-building and fertility journeys
- Inkblot: confidential, digital mental health support from licensed professionals
- Company-wide holiday closure in December
- Regular virtual company-wide events, lunches, and team socials to stay connected
Thriving at Practice Better
At Practice Better, you are not just an employee. You are part of a mission-driven community dedicated to helping others thrive. You will be trusted with autonomy, encouraged to take ownership, and supported by a team that values curiosity, compassion, and meaningful results.
We believe great culture and great performance go hand in hand. Delivering on our commitments is how we earn the trust of our practitioners and continue to expand our impact. Here, you will find the freedom to experiment, a focus on follow-through, and the opportunity to grow, along with the satisfaction of knowing your work directly improves lives every day.
Our Commitment to Diversity, Equity & Belonging
We know innovation happens when diverse perspectives come together. Practice Better is committed to fostering an inclusive environment where every team member feels valued, supported, and empowered to contribute their best.
If you do not meet every requirement listed above, we still encourage you to apply. Research shows that underrepresented groups often hesitate unless they feel 100% qualified. We are far more interested in your potential, curiosity, and alignment with our values.
We are committed to building a workplace where everyone can do the best work of their careers. We welcome applicants of all backgrounds, experiences, and abilities. Accommodations are available throughout the interview process upon request.
Ready to Apply?
If this sounds like your next step, we would love to hear from you. Join us in shaping the future of health and wellness for practitioners, their clients, and communities worldwide.
Apply Now → https://practicebetter.io/careers
Vacancy Status: This posting is for an existing vacancy
Official Recruitment Notice & AI at Practice Better
All applications are reviewed directly by Practice Better’s internal Talent Acquisition team - no bots, no outsourcing. Legitimate communication from our hiring team will only come from email addresses ending in @practicebetter.io or @greenhouse.com.
Practice Better will never ask for payment, banking details, or personal financial information during the recruitment process. If you receive suspicious communication claiming to represent Practice Better, please contact our team at careers@practicebetter.io to verify its legitimacy.
AI in Recruitment at Practice Better
We use AI thoughtfully to take some of the repetitive work off our team’s plate: early drafts of job descriptions, first-round interview questions, and help reviewing larger applicant pools. It’s there to make the process smoother and more efficient for everyone.
What AI doesn’t do is make decisions. Every hiring decision is made by real people, using structured and consistent practices designed to reduce bias and ensure fairness.
We’re committed to using AI responsibly and reviewing our approach regularly so it stays aligned with best practices, legal guidance, and the kind of candidate experience we want to deliver.
Create a Job Alert
Interested in building your career at Practice Better? Get future opportunities sent straight to your email.
Apply for this job
*
indicates a required field