Web Compliance Manager

Overview

Reporting to the Director of Digital Communications, the Website Compliance Manager will play a critical role in safeguarding and advancing the institution’s expansive digital presence, which supports both Cancer Research & Patient Care, and the Institute’s Philanthropic and Advancement efforts. This individual will be responsible for ensuring that all public-facing websites and mobile applications adhere to applicable laws, regulations, and institutional policies—including HIPAA, Privacy, Information Security, and Accessibility (WCAG/ADA).

By partnering with internal requestors, external vendors, and the Institute’s IS, Compliance and General Counsel, the Website Compliance Manager will establish compliance at the outset of new projects, maintain vigilance across existing platforms, and protect against risks related to the improper handling of Personally Identifiable Information (PII) and Protected Health Information (PHI).

This role directly supports the institution’s mission by ensuring that digital platforms used by patients, caregivers, researchers, and the broader public are secure, accessible, compliant, and trustworthy. By managing digital compliance, the Website Compliance Manager will protect the Institute’s reputation, reduce risk, and ensure equitable access to critical cancer care and research information.

Located in Boston and the surrounding communities, Dana-Farber Cancer Institute is a leader in life changing breakthroughs in cancer research and patient care. We are united in our mission of conquering cancer, HIV/AIDS, and related diseases. We strive to create an inclusive, diverse, and equitable environment where we provide compassionate and comprehensive care to patients of all backgrounds, and design programs to promote public health particularly among high-risk and underserved populations. We conduct groundbreaking research that advances treatment, we educate tomorrow's physician/researchers, and we work with amazing partners, including other Harvard Medical School-affiliated hospitals.

Primary Duties and Responsibilities

Compliance & Risk Management

• Ensure all websites and mobile applications are compliant with HIPAA and other privacy regulations.
• Validate that no PII or PHI is improperly disclosed, collected, or transmitted to third parties.
• Oversee adherence to institutional Information Security protocols.
• Confirm that all sites meet established WCAG/ADA accessibility standards to ensure equal access for patients, caregivers, and researchers.
• Support the marketing brand team with Brand Requirements and Standards.

Governance & Review

• Partner with internal requestors to evaluate and approve new website initiatives, ensuring they meet regulatory, security, accessibility, and brand compliance requirements before launch.
• Conduct annual compliance audits of all public-facing websites and applications, leveraging automated tools such as Silktide, Siteimprove, or equivalent platforms.
• Document audit results, provide clear recommendations, and work with site owners to implement necessary remediations.
• Develop and maintain policies, procedures, and checklists for ongoing website governance.

Training & Collaboration

• Educate staff and stakeholders on digital compliance standards, requirements, and best practices.
• Serve as a key liaison between internal clients/vendors and the Institute’s Web Governance Committee – a cross-functional body comprised of compliance SMEs including Information Security, Privacy Compliance, General Counsel and Research Integrity.
• Provide consultative support during vendor selection and contract reviews to ensure compliance requirements are met.

Continuous Improvement

• Stay current with evolving regulations, standards, and best practices related to Privacy, InfoSec, Accessibility, and healthcare compliance.
• Proactively recommend improvements in monitoring, auditing, and governance processes.
• Track emerging risks and ensure the institution remains ahead of compliance obligations.

Knowledge, Skills and Abilities

• Ability to independently troubleshoot and resolve issues.
• Experience with application monitoring tools such as OneTrust, Silktide, Dynatrace, NewRelic, DataDog & Agile.
• Self-motivated individual with strong leadership, analytical and interpersonal skills
• Strong knowledge of HIPAA regulations, digital privacy standards, and healthcare compliance frameworks.
• Familiarity with WCAG/ADA accessibility standards and accessibility testing tools.
• Ability to manage multiple projects, meet deadlines, and collaborate with diverse stakeholders.
• Excellent communication, problem-solving, and project management skills.

Minimum Job Qualifications

• Bachelor’s degree required, preferably in Information Technology, Digital Communications, Cybersecurity, Health Informatics or related field.
• 5+ years of experience in website governance, digital compliance or related role required.
• Experience within healthcare or research institutions preferred.

License/Certification/Registration Required: n/a

Supervisory Responsibilities: None

Patient Contact: None

At Dana-Farber Cancer Institute, we work every day to create an innovative, caring, and inclusive environment where every patient, family, and staff member feels they belong. As relentless as we are in our mission to reduce the burden of cancer for all, we are committed to having faculty and staff who offer multifaceted experiences. Cancer knows no boundaries and when it comes to hiring the most dedicated and compassionate professionals, neither do we. If working in this kind of organization inspires you, we encourage you to apply.

Dana-Farber Cancer Institute is an equal opportunity employer and affirms the right of every qualified applicant to receive consideration for employment without regard to race, color, religion, sex, gender identity or expression, national origin, sexual orientation, genetic information, disability, age, ancestry, military service, protected veteran status, or other characteristics protected by law.

.

Pay Transparency Statement

The hiring range is based on market pay structures, with individual salaries determined by factors such as business needs, market conditions, internal equity, and based on the candidate’s relevant experience, skills and qualifications.

For union positions, the pay range is determined by the Collective Bargaining Agreement (CBA).

-