Job Description
Aledade exists to help independent primary care practices survive and thrive — and to bend the healthcare cost curve by reducing the most suffering and saving the most lives. That mission runs on trust: trust that patient data is protected, that financial controls hold, that the systems clinicians and patients depend on are secure and reliable.
This role exists to scale that trust through security as a foundation, not the friction.
As Sr Security TPM, you bring vision and depth across multiple disciplines: the controls and compliance frameworks that are non-negotiable in healthcare and financial operations, the engineering instincts that come from understanding how engineering teams actually work — their cycles, their constraints, their craft — and knowing how to weave security into that fabric as a native discipline, not an outside requirement, and the program leadership to make it all move at the speed the technology landscape demands. You understand where a security program is, what it needs to become, and how to build the structures that get it there — durably, extensibly, and without creating hurdles or stovepipes along the way.
You see security as infrastructure. You engineer the highways — not the roadblocks — so that the compliance requirements, control frameworks, and engineering practices that protect Aledade’s patients, practices, and people aren’t obstacles to work around. They’re already built into how work gets done, smoothing the way for the trust this mission depends on.
Primary Duties
Diagnose, prioritize, and drive security program maturity
Assess the current state with clear eyes: identify what’s working, what’s underdeveloped, and what needs to be rebuilt
Build a prioritized, multi-quarter roadmap that sequences risk reduction against business reality — without waiting to be handed a problem statement
Establish governance, ownership, and metrics that make the portfolio legible and actionable across security leadership, engineering leadership, and executives
Hold the line on outcomes — not activity or artifacts.
Translate security requirements into engineering practice
Make security by design the operating standard: shift-left practices, threat modeling, architecture review, and controls embedded into how teams plan and ship
Own the intersection of what security requires and what engineering can build — and move both sides toward it, fluently
Remove the blockers that sit between security intent and engineering execution
Build the habits and structures that outlast any individual program or initiative
Own the compliance surface without losing sight of real risk
Translate HIPAA, financial controls, and governance requirements into resilient programs that reduce actual exposure and scale — not just satisfy milestone audits
Sequence compliance investments against where the company is going, not just where it’s been
Build the evidence frameworks, metrics, and operational readiness that hold up under real scrutiny at scale
Shape the AI security framework before it becomes a crisis
Synthesize Aledade posture about AI risk, guardrails, and governance as AI becomes embedded in how we work and what we build
Build the scaffolding — principles, review processes, accountability structures — that gives others a framework to execute against
Operate with conviction in a space where the industry is still writing the rules
Drive alignment across a complex, high-stakes intersection
Operate at the seam between security, engineering, compliance, legal, and finance — without owning any of the headcount
Eliminate toil that crushes effectiveness of the subject matter experts around you by clearing the path, not walking it for them
Surface what’s being normalized that shouldn’t be — the risks deferred, the gaps unnamed, the programs that exist only on paper
Drive evidence-based decisions that stick — from architecture, through build, to the risk level with executives
Full-stack program leadership: equally at home in an architecture review, a compliance audit, a risk conversation with the CTO, and a sprint planning session with an engineering team
Minimum Qualifications
10+ years in technical program management at Staff-level scope — cross-org, ambiguous, high-stakes security programs
Deep security domain fluency: frameworks, controls, HIPAA and financial-specific obligations, risk management — and how all of it maps to real engineering decisions
Technical judgment strong enough to question the status quo, challenge architectural decisions, and identify real risk versus inherited noise
Proven track record of transforming security programs — advancing maturity, closing gaps, and positioning programs for where the business is going
Influence without authority across senior security, engineering, compliance, and executive stakeholders
Outcomes orientation: risk reduction and program maturity
Preferred KSA’s
Experience in healthcare or other highly regulated environments where security failure has consequences beyond the company
Track record of building security governance and operating models from the ground up
Familiarity with AI and ML risk frameworks and emerging AI governance practice
Operated at a company in significant growth — where the security foundation had to be built while the business was already running on it
Can move between a threat model conversation with a security engineer and a risk framing conversation with a CFO without losing accuracy in either direction
Physical Requirements
- Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.
Who We Are:
Aledade, a public benefit corporation, exists to empower the most transformational part of our health care landscape - independent primary care. We were founded in 2014, and since then, we’ve become the largest network of independent primary care in the country - helping practices, health centers and clinics deliver better care to their patients and thrive in value-based care. Additionally, by creating value-based contracts across a wide variety of health plans, we aim to flip the script on the traditional fee-for-service model. Our work strengthens continuity of care, aligns incentives and ensures primary care physicians are paid for what they do best - keeping patients healthy. If you want to help create a health care system that is good for patients, good for practices and good for society - and if you’re eager to join a collaborative, inclusive and remote-first culture - you’ve come to the right place.
What Does This Mean for You?
At Aledade, you will be part of a creative culture that is driven by a passion for tackling complex issues with respect, open-mindedness and a desire to learn. You will collaborate with team members who bring a wide range of experiences, interests, backgrounds, beliefs and achievements to their work - and who are all united by a shared passion for public health and a commitment to the Aledade mission.
In addition to time off to support work-life balance and enjoyment, we offer the following comprehensive benefits package designed for the overall well-being of our team members:
Flexible work schedules and the ability to work remotely are available for many roles
Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners
Robust time-off plan (21 days of PTO in your first year)
Two paid volunteer days and 11 paid holidays
12 weeks paid parental leave for all new parents
Six weeks paid sabbatical after six years of service
Educational Assistant Program and Clinical Employee Reimbursement Program
401(k) with up to 4% match
Stock options
And much more!
At Aledade, we don’t just accept differences, we celebrate them! We strive to attract, develop and retain highly qualified individuals representing the diverse communities where we live and work. Aledade is committed to creating a diverse environment and is proud to be an equal opportunity employer. Employment policies and decisions at Aledade are based on merit, qualifications, performance and business needs. All qualified candidates will receive consideration for employment without regard to age, race, color, national origin, gender (including pregnancy, childbirth or medical conditions related to pregnancy or childbirth), gender identity or expression, religion, physical or mental disability, medical condition, legally protected genetic information, marital status, veteran status, or sexual orientation.
Privacy Policy: By applying for this job, you agree to Aledade’s Applicant Privacy Policy available at https://www.aledade.com/privacy-policy-applicants
We may use automated tools, including artificial intelligence (AI), to help organize and evaluate application materials. These tools support our recruiters and hiring managers by helping manage large applicant pools. Human judgment plays an essential role in our hiring process, including in the oversight and use of any automated tools. If you would like more information about our screening and hiring process, please contact us.
