Security Risk Manager

Posted 8 Days Ago
San Francisco
Healthtech
The Role

Hinge Health is building the world’s most patient-centered Digital Musculoskeletal (MSK) Clinic™. It is now the leading Digital MSK Clinic, used by four in five employers and 90% of health plans with a digital MSK solution. Hinge Health reduces MSK pain, surgeries, and opioid use by pairing advanced wearable sensors and computer vision technology with a comprehensive clinical care team of physical therapists, physicians, and board-certified health coaches. Hinge Health’s HingeConnect integrates with 750,000+ in-person providers and enables real-time interventions for elective MSK surgeries, driving proven medical claims reduction. Available to millions of members, Hinge Health is widely trusted by leading organizations, including Land O’Lakes, L.L. Bean, Salesforce, Self-Insured Schools of California, Southern Company, State of New Jersey, US Foods, and Verizon. Learn more at http://www.hingehealth.com.


The Security Risk Manager position will be responsible for overseeing the information security and third-party security risk management and governance functions at Hinge Health. This role will help define and maintain a comprehensive risk management program to identify, evaluate and monitor information security and third-party security risks. This position will work closely with leaders throughout the organization to ensure that the information security risks associated with critical Hinge Health assets, data, operations, and third-party relationships are properly identified and effectively managed.

________________________


We want to make you aware that there continues to be a significant increase in phishing attempts across all industries, where fraudsters impersonate real HR employees and send fictitious job offers to applicants in a scheme to obtain sensitive information.


Please note that we will never ask for your financial information at any part of the interview process including the post-offer stage, and will only correspond through @hingehealth.com domain email addresses.


If you encounter any suspicious activity, we recommend you cease all communication with the individual and consider reporting them to the US FBI Internet Crime Complaint Center.


If you would like to verify the legitimacy of an email you received from our recruiting team, please forward it to [email protected].

WHAT YOU'LL ACCOMPLISH

  • Build and mature Hinge Health’s security policy and control framework supporting various standards (e.g., NIST Cybersecurity Framework, ISO 27001, HITRUST) and regulatory/compliance requirements (e.g., HIPAA, Sarbanes Oxley, GDPR).
  • Lead a team responsible for defining, maintaining, and maturing the organization security risk management program and functions.
  • Enhance and manage the information security risk assessment process against our infrastructure, products and suppliers; establish key metrics and partner with stakeholders, including IT and engineering teams, to ensure appropriate plans are in place to mitigate identified risks and continuously improve the program.
  • Develop, communicate, and manage information security policies, standards, baselines and practices supporting information security frameworks.
  • Lead and manage our third party and business partner security risk assessment programs and work closely with Legal and Security teams in negotiating security terms.
  • Work closely with IT, Information Security, and Engineering teams to develop a strategy and program to effectively manage information security risk and further improve security posture and maturity.
  • Automate common repetitive audit tasks to reduce time and effort spent in preparing for internal and external audits.
  • Build continuous security management, monitoring and testing capabilities within a cloud native environment.
  • Remain up-to-date on legal and regulatory changes, emerging threats and evolving technologies and implement appropriate control mechanisms based on risks within Hinge Health’s environment.
  • Gather and maintain a library of objective evidence to show ongoing compliance with the documented controls.
  • Put into practice security and privacy frameworks and standards such as ISO 27001, SOC 2, GDPR, HITRUST and HIPAA.
  • Coordinate security efforts with operational security to ensure seamless coverage of Hinge Health’s critical assets, data, application, informational property, networks, servers, and endpoints.
  • Maintain a strong understanding of security risk management, its integration with enterprise risk management, and its integration with business strategy.
  • Develop and maintain a risk-based framework to mitigate and monitor third-party security risk.
  • Provide information to external business partners and customers on Hinge Health’s internal security capabilities and practices in support of business objectives.

WHAT WE'RE LOOKING FOR

  • Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent work experience.
  • Has experience in conducting data driven security risk assessments 
  • 7+ years of experience in Information Security or a security related engineering role in a technical environment and experience driving security risk management activities
  • Experience building an information security and third-party security risk management program while collaborating with cross functional teams to effectively manage risk.
  • Experience implementing and executing cyber risk management methodologies and processes.
  • Experience building and managing information security risk management teams.
  • Strong understanding of strategic business imperatives and capable of articulating risk in the context of business objectives; deep working knowledge of relevant compliance, privacy and regulatory frameworks (e.g., HIPAA, HITRUST, SOX, GDPR).
  • Subject matter expertise of common information security management frameworks (e.g., HITRUST, NIST) and healthcare regulations.
  • Knowledge of a cloud-services environment
  • Experience with designing GRC processes including requirements gathering, process reviews and development, and implementation.
  • Excellent written, verbal and nonverbal communication skills, including the ability to communicate security and risk-related concepts to technical and nontechnical audiences at all levels of the organization as well as third-party executive and government agencies.
  • Ability to articulate risks and recommended remediation/mitigation actions.
  • Motivate, inspire, and create a positive work/team culture: You successfully maintain a high level of motivation, positive can-do attitude, and inclusive culture in your teams.

WHAT SHAPES OUR COMPANY

  • Trust: We trust our teammates to always act in the team and company’s best interest. 
  • Hustle: We’re creative, we’re unrelenting, we find a way.
  • Effective communication: We’re prompt and concise. 
  • Learn-it-all (vs know-it-all): We’re always willing to learn. 
  • Frugal: We don’t waste money and especially not time.

WHAT YOU'LL LOVE ABOUT US

  • Competitive compensation with meaningful equity
  • Medical, Dental, Vision, Disability and Life Insurance (We cover 100% of your premium and 75% for your dependents) 
  • Flexible PTO
  • FSA/HSA accounts
  • Family & fertility benefit through Maven Clinic
  • 401K match 
  • 3 months paid parental leave
  • Professional Development budget 
  • Monthly wellness benefit
  • Generous mental health stipend
  • Noise-cancelling headphones
  • Work from home policy
  • Opportunity to join a fantastically talented, diverse, and passionate team at a pivotal time in the company’s lifecycle

If you're interested - we'd love to hear from you. No recruiters, please.


Hinge Health is proud to be an Equal Employment Opportunity and Affirmative Action employer.

We make employment decisions without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.


Hinge Health is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you feel you need assistance or an accommodation due to a disability, please let us know by reaching out to your Recruiter and we'll work with our accommodations team to evaluate your request.


We celebrate diversity and are committed to creating an inclusive environment for all employees.


Hinge Health is an E-verify employer


The Company

What We Do

Hinge Health is pioneering the world's most patient-centered digital hospital, starting with musculoskeletal health. Hinge Health's back and joint pain care pathways combine wearable sensor-guided exercise therapy with behavioral change through 1-on-1 health coaching and education.
