Security Governance Program Manager

Job description

Who We Are

We are Imagine Pediatrics, an innovative, tech-enabled, pediatrician-led medical group that helps children with special health care needs get the quality ²⁴⁄₇ care and support they deserve, right from home. Energized by our mission to reimagine pediatric health care together, we improve the health and lives of children special health care needs by breaking down the barriers that stand between families and the quality care their children need. We are committed to doing better for them: to put their best interests in the front of our minds and center of our hearts and channel that passion every day to boldly remove these barriers.

By partnering with parents, caregivers, providers, community resources, and health plans, we provide these children with more access to virtual-first and in-home medical, behavioral, and social care and empower them and their families to get the unwavering, ²⁴⁄₇ support they deserve. We don’t replace a child’s existing care team. Instead, we work with them to give every patient an expanded layer of support by delivering unlimited, virtual-first and in-home care, day and night. Every step toward that goal we take with equal parts compassion and creativity. Together, we’re always reaching for the profound impact that we know we can and must make.

What You’ll Do

In this newly created role, the Security Governance Program Manager will be responsible for day-to-day implementation and management of a HITRUST program as well as coordinating security risk management and vendor due diligence for Imagine Pediatrics. You will:

• Serve as a key subject matter expert (SME) for governance, risk, and compliance within Imagine Pediatrics’ information security team.
• Support the implementation and ongoing program management for HITRUST r2 certification.
• Maintain Imagine Pediatrics’ security policies, standards, and procedures.
• Lead and enhance the third-party/vendor risk management program.
• Administer the security GRC toolset, including the enterprise risk register.
• Coordinate and drive internal security risk assessments and auditing activities.
• Collaborate with business and clinical teams to ensure effective ePHI management.
• Respond to third-party security and privacy diligence requests.
• Work with external auditors and partners on security certifications and attestations.

What You Bring & How You Qualify

First and foremost, you’re passionate and committed to reimagining pediatric health care and creating a world where every child with complex medical conditions gets the care and support they deserve. You will need:

• BS degree in computing, information security, or a related field. MS degree preferred.
• 5+ years of information security GRC or audit experience accepted in lieu of a degree.
• Strong experience implementing and maintaining a HITRUST r2 program.
• Working knowledge of healthcare industry security and privacy regulations (HIPAA, HITECH).
• Experience with SOC 2, ISO 27001 and NIST security frameworks.
• Industry certifications preferred, such as CRISC, CISA, CISM, or ISO 27001 Lead Auditor.
• Prior experience supporting security in healthcare companies.
• Experience with compliance automation tools like Hyperproof, Drata or Vanta is a plus.
• Highly organized, motivated, and capable of working independently as a self-starter.
• Excellent communication skills, with the ability to translate complex compliance requirements for technical and business audiences.

What We Offer (Benefits + Perks)

The role offers a base salary range of $110,000 - $140,000 in addition to annual bonus, competitive company benefits package and eligibility to participate in an employee equity purchase program (as applicable). When determining compensation, we analyze and carefully consider several factors including job-related knowledge, skills and experience. These considerations may cause your compensation to vary.

We provide these additional benefits and perks:

• Competitive medical, dental, and vision insurance
• Healthcare and Dependent Care FSA; Company-funded HSA
• 401(k) with 4% match, vested 100% from day one
• Employer-paid short and long-term disability
• Life insurance at 1x annual salary
• 20 days PTO + 10 Company Holidays & 2 Floating Holidays
• Paid new parent leave
• Additional benefits to be detailed in offer

What We Live By

We’re guided by our five core values:

• Children first.We put the best interests of children above all. We are uncompromising in our commitment to improving the lives of children and families by bringing the best care to them.
• Earn trust.We cherish the trusting relationships we build with the children and families we serve, our partners, and each other. We seek first to understand and speak honestly.
• Innovate today. We refuse to accept the way things have always been done. Children and families are waiting for our help and their bravery demands that we relentlessly challenge assumptions to develop new approaches.
• Embrace humanity. We lead with empathy and authenticity, presuming competence and good intentions. When we stumble, we use the opportunity to learn and grow stronger.
• One team, diverse perspectives. We work alongside families as one team towards a shared purpose. We champion diversity and acknowledge the contributions of others.

We Value Diversity, Equity, Inclusion and Belonging

We believe that creating a world where every child with complex medical conditions gets the care and support, they deserve requires a diverse team with diverse perspectives. We’re proud to be an equal opportunity employer. People seeking employment at Imagine Pediatrics are considered without regard to race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, marital or veteran status, age, national origin, ancestry, citizenship, physical or mental disability, medical condition, genetic information, or characteristics (or those of a family member), pregnancy or other status protected by applicable law.