Reducing the effort to maintain and demonstrate our alignment to HITRUST by maximizing our use of Vanta to automate the collection of evidence, maintain up to date documentation, and deploy continuous testing of controls.
Aligning with our cross-functional teams as they deliver on their controls and support our security processes, ensuring clarity and accountability for all parties.
Leading our annual and ongoing risk assessment processes including the managing the risk register and mitigation plans
Enabling company growth acceleration by facilitating the strategic and thoughtful completion of customer and vendor security reviews
Overseeing incident response processes, supporting documentation, and corrective actions
Deploying and managing the third-party vendor management program and processes.
Oversees the selection and deployment of security related training across the enterprise
Creating and managing dashboards and other materials that keep leadership informed and support Committee and Board meetings

Requirements

8-10 years of security program experience, with 4-5 years of direct experience building and implementing GRC tooling and processes
Familiarity and experience helping design controls in AWS cloud environments and infrastructure that meet regulatory commitments
Demonstrated experience with Vanta
Demonstrated experience with security monitoring tools including:
- Crowdstrike
- Panther
- DefectDojo
- AWS native security tooling (Inspector, Config, SecurityHub)
Experience leading audits of security frameworks (e.g. SOC 2 Type 2, ISO *27001, HITRUST). Preference given to those with HITRUST experience.

Benefits

Medical, Dental and Vision Benefits
Flexible PTO
Universal Paid Family Leave
Company sponsored One Medical memberships and Citibike memberships
Medical Travel Benefits
A monthly wellness stipend that gives employees the freedom to choose where they spend their cash, whether it be on wellness, pet care, childcare, WFH items, or charitable donations
Stock Options & a 401k matching program
Career development opportunities like Manager Training, coaching, and an internal mobility program
A broad calendar of company sponsored social events that for our in-office and remote employees

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security program experienceGRC toolingAWS cloud environmentssecurity monitoring toolsincident responserisk assessmentvendor managementsecurity frameworksHITRUSTaudits

Soft Skills

leadershipcross-functional collaborationaccountabilitystrategic facilitationcommunication

Certifications

SOC 2 Type 2ISO 27001