Security Governance - Risk and Compliance Lead / Security Program Manager

What You’ll Be Doing:

Grow Therapy is seeking an experienced Security Governance Risk Management and Compliance (GRC) Lead to join our growing remote-friendly Security team. This is the first role of its kind at Grow and reports directly to our Head of Security.

The GRC Lead is a hands-on role and is responsible for building and owning Grow’s Security compliance and risk management program. This position will be part of a growing group of security legal and compliance experts across the company and work with technology legal and business partners to meet our risk management needs.

This role must collaborate effectively with development engineering and operations counterparts as well as internal and external partners to identify articulate prioritize manage and monitor security risks to protect Grow data services and information assets.

Responsibilities:

Develop implement mature and champion risk management processes and concepts. Deploy the risk management framework processes and tools to conduct risk assessments effectively and consistently. Conduct third-party risk assessments and security reviews of third-party vendors/suppliers. Work closely with technology and legal partners and business units to ensure appropriate security and data protection requirements are incorporated into third-party engagements. Conduct risk assessments of business units critical processes and information assets. Partner with Legal and Compliance to prepare Grow for external audits and certifications (e.g HIPAA SOC 2) Manage our security risk posture and define and report key risk metrics to management on a regular basis

You’ll be a good fit if you have:

A minimum of 7 years of experience in information security risk management including risk assessment and treatment risk metrics and trend analysis Experience building and implementing Third Party Security Risk Assessment (TPSRA) programs. Strong knowledge of healthcare security and data privacy standards and regulations such as HIPAA HITRUST GDPR CCPA etc. Strong analytical and problem-solving skills. Strong written and verbal communication skills building strong relationships at all levels of the organization from executives to project teams. Detail oriented and highly organized with the ability to thrive in a fast-paced environment and prioritize accordingly. Knowledge of how to use data to influence program strategy and tell compelling stories about organizational effectiveness and impact.

Salary range: $127000 - $166000

If you don’t meet every single requirement but are still interested in the job please apply. Nobody checks every box and Grow belives the perfect candidate is more than just a resume.