Security Governance Program Manager

Summary

Join Imagine Pediatrics, a tech-enabled pediatric medical group, as their new Security Governance Program Manager. This newly created role involves the day-to-day implementation and management of a HITRUST program, coordinating security risk management, and vendor due diligence. You will serve as a subject matter expert for governance, risk, and compliance, supporting HITRUST r2 certification, maintaining security policies, and leading the third-party risk management program. The position also includes administering security GRC tools, coordinating risk assessments, collaborating with business and clinical teams, responding to third-party requests, and working with external auditors. Passion for reimagining pediatric healthcare is essential. A competitive salary and benefits package are offered.

Requirements

• BS degree in computing, information security, or a related field
• 5+ years of information security GRC or audit experience accepted in lieu of a degree
• Strong experience implementing and maintaining a HITRUST r2 program
• Working knowledge of healthcare industry security and privacy regulations (HIPAA, HITECH)
• Experience with SOC 2, ISO 27001 and NIST security frameworks
• Prior experience supporting security in healthcare companies
• Highly organized, motivated, and capable of working independently as a self-starter
• Excellent communication skills, with the ability to translate complex compliance requirements for technical and business audiences

Responsibilities

• Serve as a key subject matter expert (SME) for governance, risk, and compliance within Imagine Pediatrics' information security team
• Support the implementation and ongoing program management for HITRUST r2 certification
• Maintain Imagine Pediatrics' security policies, standards, and procedures
• Lead and enhance the third-party/vendor risk management program
• Administer the security GRC toolset, including the enterprise risk register
• Coordinate and drive internal security risk assessments and auditing activities
• Collaborate with business and clinical teams to ensure effective ePHI management
• Respond to third-party security and privacy diligence requests
• Work with external auditors and partners on security certifications and attestations

Preferred Qualifications

• MS degree preferred
• Industry certifications preferred, such as CRISC, CISA, CISM, or ISO 27001 Lead Auditor
• Experience with compliance automation tools like Hyperproof, Drata or Vanta is a plus

Benefits

• Competitive medical, dental, and vision insurance
• Healthcare and Dependent Care FSA; Company-funded HSA
• 401(k) with 4% match, vested 100% from day one
• Employer-paid short and long-term disability
• Life insurance at 1x annual salary
• 20 days PTO + 10 Company Holidays & 2 Floating Holidays
• Paid new parent leave
• Additional benefits to be detailed in offer