Security Governance Program Manager

Imagine Pediatrics
Summary
Join Imagine Pediatrics, a tech-enabled pediatric medical group, as their new Security Governance Program Manager. This newly created role involves the day-to-day implementation and management of a HITRUST program, coordinating security risk management, and vendor due diligence. You will serve as a subject matter expert for governance, risk, and compliance, supporting HITRUST r2 certification, maintaining security policies, and leading the third-party risk management program. The position also includes administering security GRC tools, coordinating risk assessments, collaborating with business and clinical teams, responding to third-party requests, and working with external auditors. Passion for reimagining pediatric healthcare is essential. A competitive salary and benefits package are offered.
Requirements
- BS degree in computing, information security, or a related field
- 5+ years of information security GRC or audit experience accepted in lieu of a degree
- Strong experience implementing and maintaining a HITRUST r2 program
- Working knowledge of healthcare industry security and privacy regulations (HIPAA, HITECH)
- Experience with SOC 2, ISO 27001 and NIST security frameworks
- Prior experience supporting security in healthcare companies
- Highly organized, motivated, and capable of working independently as a self-starter
- Excellent communication skills, with the ability to translate complex compliance requirements for technical and business audiences
Responsibilities
- Serve as a key subject matter expert (SME) for governance, risk, and compliance within Imagine Pediatrics' information security team
- Support the implementation and ongoing program management for HITRUST r2 certification
- Maintain Imagine Pediatrics' security policies, standards, and procedures
- Lead and enhance the third-party/vendor risk management program
- Administer the security GRC toolset, including the enterprise risk register
- Coordinate and drive internal security risk assessments and auditing activities
- Collaborate with business and clinical teams to ensure effective ePHI management
- Respond to third-party security and privacy diligence requests
- Work with external auditors and partners on security certifications and attestations
Preferred Qualifications
- MS degree preferred
- Industry certifications preferred, such as CRISC, CISA, CISM, or ISO 27001 Lead Auditor
- Experience with compliance automation tools like Hyperproof, Drata or Vanta is a plus
Benefits
- Competitive medical, dental, and vision insurance
- Healthcare and Dependent Care FSA; Company-funded HSA
- 401(k) with 4% match, vested 100% from day one
- Employer-paid short and long-term disability
- Life insurance at 1x annual salary
- 20 days PTO + 10 Company Holidays & 2 Floating Holidays
- Paid new parent leave
- Additional benefits to be detailed in offer