Security Risk - Program Manager
To see similar active jobs please follow this link: Remote Management jobs
What You’ll Be Doing:
Grow Therapy is seeking an experienced Security Risk, PM to join our growing, remote-friendly Security team. This is the first role of its kind at Grow, and reports directly to our Head of Security.
This is a hands-on role, and is responsible for building and owning Grow’s Security compliance and risk management program. This position will be part of a growing group of security, legal, and compliance experts across the company and work with technology, legal and business partners to meet our risk management needs.
This role must collaborate effectively with development, engineering, and operations counterparts as well as internal and external partners to identify, articulate, prioritize, manage, and monitor security risks to protect Grow data, services, and information assets.
Responsibilities:
Develop, implement, mature, and champion risk management processes and concepts.
Deploy the risk management framework, processes, and tools to conduct risk assessments effectively and consistently.
Conduct third-party risk assessments and security reviews of third-party vendors/suppliers.
Work closely with technology and legal partners and business units to ensure appropriate security and data protection requirements are incorporated into third-party engagements.
Conduct risk assessments of business units, critical processes and information assets.
Partner with Legal and Compliance to prepare Grow for external audits and certifications (e.g HIPAA, SOC 2)
Manage our security risk posture and define and report key risk metrics to management on a regular basis
You’ll be a good fit if you have:
A minimum of 7 years of experience in information security risk management, including risk assessment and treatment, risk metrics and trend analysis
Experience building and implementing Third Party Security Risk Assessment (TPSRA) programs.
Strong knowledge of healthcare security and data privacy standards and regulations such as HIPAA, HITRUST, GDPR, CCPA, etc.
Strong analytical and problem-solving skills.
Strong written and verbal communication skills, building strong relationships at all levels of the organization from executives to project teams.
Detail oriented and highly organized, with the ability to thrive in a fast-paced environment and prioritize accordingly.
Knowledge of how to use data to influence program strategy and tell compelling stories about organizational effectiveness and impact.
Salary range: $127,000 - $166,000
If you don’t meet every single requirement, but are still interested in the job, please apply. Nobody checks every box, and Grow belives the perfect candidate is more than just a resume.
We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on January 11, 2025.
Please see the independent bias audit report covering our use of Covey here.
About the job
Security Risk - Program Manager
To see similar active jobs please follow this link: Remote Management jobs
What You’ll Be Doing:
Grow Therapy is seeking an experienced Security Risk, PM to join our growing, remote-friendly Security team. This is the first role of its kind at Grow, and reports directly to our Head of Security.
This is a hands-on role, and is responsible for building and owning Grow’s Security compliance and risk management program. This position will be part of a growing group of security, legal, and compliance experts across the company and work with technology, legal and business partners to meet our risk management needs.
This role must collaborate effectively with development, engineering, and operations counterparts as well as internal and external partners to identify, articulate, prioritize, manage, and monitor security risks to protect Grow data, services, and information assets.
Responsibilities:
Develop, implement, mature, and champion risk management processes and concepts.
Deploy the risk management framework, processes, and tools to conduct risk assessments effectively and consistently.
Conduct third-party risk assessments and security reviews of third-party vendors/suppliers.
Work closely with technology and legal partners and business units to ensure appropriate security and data protection requirements are incorporated into third-party engagements.
Conduct risk assessments of business units, critical processes and information assets.
Partner with Legal and Compliance to prepare Grow for external audits and certifications (e.g HIPAA, SOC 2)
Manage our security risk posture and define and report key risk metrics to management on a regular basis
You’ll be a good fit if you have:
A minimum of 7 years of experience in information security risk management, including risk assessment and treatment, risk metrics and trend analysis
Experience building and implementing Third Party Security Risk Assessment (TPSRA) programs.
Strong knowledge of healthcare security and data privacy standards and regulations such as HIPAA, HITRUST, GDPR, CCPA, etc.
Strong analytical and problem-solving skills.
Strong written and verbal communication skills, building strong relationships at all levels of the organization from executives to project teams.
Detail oriented and highly organized, with the ability to thrive in a fast-paced environment and prioritize accordingly.
Knowledge of how to use data to influence program strategy and tell compelling stories about organizational effectiveness and impact.
Salary range: $127,000 - $166,000
If you don’t meet every single requirement, but are still interested in the job, please apply. Nobody checks every box, and Grow belives the perfect candidate is more than just a resume.
We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on January 11, 2025.
Please see the independent bias audit report covering our use of Covey here.