Security Governance Program Manager


Imagine Pediatrics

💵 $110k-$140k
📍 Remote - United States

Summary

Join Imagine Pediatrics, a tech-enabled pediatric medical group, as their new Security Governance Program Manager. This newly created role involves the day-to-day implementation and management of a HITRUST program, coordinating security risk management, and vendor due diligence. You will serve as a subject matter expert for governance, risk, and compliance, supporting HITRUST r2 certification, maintaining security policies, and leading the third-party risk management program. The position also includes administering security GRC tools, coordinating risk assessments, collaborating with business and clinical teams, responding to third-party requests, and working with external auditors. Passion for reimagining pediatric healthcare is essential. A competitive salary and benefits package are offered.

Requirements

  • BS degree in computing, information security, or a related field
  • 5+ years of information security GRC or audit experience accepted in lieu of a degree
  • Strong experience implementing and maintaining a HITRUST r2 program
  • Working knowledge of healthcare industry security and privacy regulations (HIPAA, HITECH)
  • Experience with SOC 2, ISO 27001 and NIST security frameworks
  • Prior experience supporting security in healthcare companies
  • Highly organized, motivated, and capable of working independently as a self-starter
  • Excellent communication skills, with the ability to translate complex compliance requirements for technical and business audiences

Responsibilities

  • Serve as a key subject matter expert (SME) for governance, risk, and compliance within Imagine Pediatrics' information security team
  • Support the implementation and ongoing program management for HITRUST r2 certification
  • Maintain Imagine Pediatrics' security policies, standards, and procedures
  • Lead and enhance the third-party/vendor risk management program
  • Administer the security GRC toolset, including the enterprise risk register
  • Coordinate and drive internal security risk assessments and auditing activities
  • Collaborate with business and clinical teams to ensure effective ePHI management
  • Respond to third-party security and privacy diligence requests
  • Work with external auditors and partners on security certifications and attestations

Preferred Qualifications

  • MS degree preferred
  • Industry certifications preferred, such as CRISC, CISA, CISM, or ISO 27001 Lead Auditor
  • Experience with compliance automation tools like Hyperproof, Drata or Vanta is a plus

Benefits

  • Competitive medical, dental, and vision insurance
  • Healthcare and Dependent Care FSA; Company-funded HSA
  • 401(k) with 4% match, vested 100% from day one
  • Employer-paid short and long-term disability
  • Life insurance at 1x annual salary
  • 20 days PTO + 10 Company Holidays & 2 Floating Holidays
  • Paid new parent leave
  • Additional benefits to be detailed in offer
