Senior Compliance Specialist, Business Resiliency

Our mission: to eliminate every barrier to mental health.

At Spring Health, we’re on a mission to revolutionize mental healthcare by removing every barrier that prevents people from getting the help they need, when they need it. Our clinically validated technology, Precision Mental Healthcare, empowers us to deliver the right care at the right time—whether it’s therapy, coaching, medication, or beyond—tailored to each individual’s needs.

We proudly partner with over 450 companies, from startups to multinational Fortune 500 corporations, as a leading provider of mental health service, providing care for 10 million people. Our clients include brands you use and know like Microsoft, Target, and Delta Airlines, all of whom trust us to deliver best-in-class outcomes for their employees globally. With our innovative platform, we’ve been able to generate a net positive ROI for employers and we are the only company in our category to earn external validation of net savings for customers.

We have raised capital from prominent investors including Generation Investment, Kinnevik, Tiger Global, Northzone, RRE Ventures, and many more. Thanks to their partnership and our latest Series E Funding, our current valuation has reached $3.3 billion. We’re just getting started—join us on our journey to make mental healthcare accessible to everyone, everywhere.

Reporting to the Sr Manager, IT Compliance, the Senior Compliance Specialist, Business Resiliency will support the design, execution, and continuous improvement of Spring Health’s enterprise resilience program. This role partners cross-functionally across all departments and with key vendors to ensure Spring Health can effectively prepare for, respond to, and recover from disruptive events, while meeting regulatory and customer assurance expectations. The Senior Compliance Specialist, Business Resiliency ensures annual BCP/DR and Crisis Management planning, testing, training, and reporting are delivered; enables and coordinates Department BCP/DR Champions and application owners to execute continuity activities; and ensures the enterprise structure (governance, standards, catalog management, and evidence readiness) is defined and operating, in a compliance capacity.

This is a full time hybrid role based in San Francisco, with an expectation to be in the office 2–3 days per week at our 2 Embarcadero Ctr. location. Candidates must be based in the San Francisco metro area or able to relocate independently within 90 days of their start date. Occasional travel will be required for team on-sites. 

What you’ll do:

• Coordinate and mature the enterprise Business Continuity (BC), Disaster Recovery (DR), and Crisis Management programs, ensuring they are actionable, measurable, and aligned to business risk and member safety.
• Serve as the central partner to Department BCP/DR Champions by providing templates, guidance, and "definitions of done" to ensure distributed execution across teams like Engineering, Clinical Operations, and Member Support.
• Plan and lead cross-functional exercises, including tabletops, functional drills, and technical DR tests, while documenting success criteria and after-action reports.
• Maintain the enterprise BCP/DR catalog for critical applications and business processes (tiering, ownership, dependencies, recovery objectives, artifact status, test history), incorporating updates surfaced by Champions and application owners.
• Coordinate the Business Impact Analysis (BIA) and critical service mapping process to keep recovery priorities and minimum service levels aligned to real-world operational impact.
• Maintain and test escalation paths, communication workflows, and stakeholder contact mechanisms to ensure alignment with broader incident response practices.
• Consolidate findings from drills and incidents into an accountable backlog, driving follow-ups and escalating blockers through governance forums.
• Produce leadership reporting on resilience posture (KPIs/KRIs, readiness heatmaps, top risks, testing outcomes, remediation aging), highlighting where Champions/teams need support or prioritization.
• Support annual audit readiness for SOC 2 Type II, HITRUST, HIPAA, and ISO 27001 by maintaining control narratives and high-quality evidence discipline.
• Contribute to customer assurance efforts, including drafting security questionnaire responses and conducting vendor due diligence or third-party risk monitoring.
• Perform internal control testing, such as access reviews and artifact updates, while maintaining GRC tooling to ensure data is accurate and audit-ready.
• Draft and maintain policies, procedures, and SOPs in alignment with established enterprise standards and regulatory frameworks.

What success looks like:

• Spring Health builds a demonstrable ability to respond quickly to disruptions while maintaining safe, reliable operations and meeting recovery objectives.
• Annual enterprise BCP/DR and Crisis Management exercises are planned, executed, and documented end-to-end (including tabletops, functional continuity drills, and technical DR tests where applicable), with clear success criteria, after-action reporting, and follow-through on improvements.
• Departmental Champions are set up for success with a clear operating rhythm, allowing them to maintain artifacts and drills with minimal friction.
• Critical P0/P1 services have current, tested runbooks and validated communication paths that reflect business and member impact.
• Audit and customer assurance expectations are met efficiently through organized evidence and a clear narrative of how our distributed program operates.
• Informed Leadership: Executive leadership has a timely, accurate view of the company’s resilience posture, including readiness heatmaps and top risks.
• You demonstrate increasing autonomy and judgment, successfully handling complex compliance work and building strong cross-functional relationships.

What you’ll bring:

• Bachelor’s degree (or equivalent experience) plus 5+ years in business continuity, disaster recovery, crisis management, technology risk, GRC, IT operations, or related program management, ideally in a regulated and/or healthcare-adjacent environment.
• Demonstrated experience running enterprise-wide programs with distributed ownership, where success depends on enabling and coordinating “champions” or delegates across departments rather than doing all execution centrally.
• Deep knowledge of BIA, dependency mapping, and RTO/RPO concepts, and how they translate into practical technical and operational runbooks
• Hands-on experience supporting audits or assessments aligned to SOC 2, HITRUST, HIPAA, GDPR, or ISO 27001.
• Strong attention to detail with the ability to manage multiple workstreams, evidence collection, and remediation tracking simultaneously
• Nice to Have: CBCP/CBCI or ISO 22301 training; familiarity with cloud/SaaS resilience patterns; experience with GRC tools and Jira/Asana workflows.

The target base salary range for this position is $125,000 - $158,700, and is part of a competitive total rewards package including equity and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually using Radford Global Compensation Database at minimum to ensure competitive and fair pay.

Benefits provided by Spring Health:

Note: We have even more benefits than listed here and below, your recruiter will provide more in-depth information as you continue in the interview process. Benefits are subject to individual plan requirements and eligibility criteria.

• Health, Dental, Vision benefits start on your first day at Spring. You and your dependents also receive access to One Medical accounts HSA and FSA plans are also available, with Spring contributing up to $1K for HSAs, depending on your plan type.
• Employer sponsored 401(k) match of up to 2% for retirement planning
• A yearly allotment of no cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents.
• We offer competitive paid time off policies including vacation, sick leave and company holidays.
• At 6 months tenure with Spring, we offer parental leave of 18 weeks for birthing parents and 16 weeks for non-birthing parents.
• Access to Noom, a weight management program—based in psychology, that’s tailored to your unique needs and goals. 
• Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses.
• Access to Wellhub,  which connects employees to the best options for fitness, mindfulness, nutrition, and sleep in one subscription
• Access to BrightHorizons, which provides sponsored child care, back-up care, and elder care
• Up to $1,000 Professional Development Reimbursement a year.
• $200 per year donation matching to support your favorite causes.

Not sure if you meet every requirement? Research shows that women and people from historically underrepresented communities often hesitate to apply for roles unless they meet every qualification compared to other similarly-qualified candidates. At Spring Health, we are committed to fostering a workplace where everyone feels valued, empowered, and supported to Thrive. If this role excites you, we encourage you to apply.

Ready to do the most impactful work of your life? Learn more about our values, what it’s like to work here, and how hypergrowth meets impact at Spring Health: Our Values

Our privacy policy: https://springhealth.com/privacy-policy/

Spring Health is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex, marital status, ancestry, disability, genetic information, veteran status, gender identity or expression, sexual orientation, pregnancy, or other applicable legally protected characteristic. We also consider qualified applicants regardless of criminal histories, consistent with applicable legal requirements. Spring Health is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans. If you have a disability or special need that requires accommodation, please let us know.