Hinge Health

Sr. Security Risk Specialist

Hinge Health is building the world’s most patient-centered Digital Musculoskeletal (MSK) Clinic™. It is now the leading Digital MSK Clinic, used by four in five employers and 90% of health plans with a digital MSK solution. Hinge Health reduces MSK pain, surgeries, and opioid use by pairing advanced wearable sensors and computer vision technology with a comprehensive clinical care team of physical therapists, physicians, and board-certified health coaches. Hinge Health’s HingeConnect integrates with 750,000+ in-person providers and enables real-time interventions for elective MSK surgeries, driving proven medical claims reduction. Available to millions of members, Hinge Health is widely trusted by leading organizations, including Land O’Lakes, L.L. Bean, Salesforce, Self-Insured Schools of California, Southern Company, State of New Jersey, US Foods, and Verizon. Learn more at http://www.hingehealth.com.

The Senior Security Risk position will be responsible for leading internal and external security risk assessments. This role will help further define and maintain a comprehensive risk management program to identify, evaluate and monitor various information and third-party security risks. This position will work closely with cross-functional teams to ensure that information security risk associated with critical Hinge Health assets, data, operations, and third-party relationships is properly identified and effectively managed.




We want to make you aware that there continues to be a significant increase in phishing attempts across all industries where fraudsters are impersonating real HR employees and sending fictitious job offers to applicants in a scheme to obtain sensitive information.

Please note that we will never ask for your financial information at any part of the interview process including the post-offer stage, and will only correspond through @hingehealth.com domain email addresses.

If you encounter any suspicious activity, we recommend you cease all communication with the individual and consider reporting them to the US FBI Internet Crime Complaint Center.

If you would like to verify the legitimacy of an email you received from our recruiting team, please forward it to security@hingehealth.com.

WHAT YOU'LL ACCOMPLISH

  • Build and mature Hinge Health’s security policy and control framework supporting various standards (e.g., NIST Cybersecurity Framework, ISO 27001, HITRUST) and regulatory/compliance requirements (e.g., HIPAA, Sarbanes Oxley, GDPR).
  • Strong emphasis will be on planning and executing IT audits, as well as performing controls assessments for industry-accepted frameworks such as SOX, NIST, and HITRUST.
  • Plan & lead complex assessments for IT general and application controls in the areas of system development, Identity and Access Management (IAM), logging and monitoring, vulnerability management, change management, logical access, data networks, computer operations, business continuity and disaster recovery.
  • Deliver technical guidance related to enhancing the security posture of information systems solutions.
  • Work closely with IT, Information Security, and Engineering teams to develop a strategy and program to effectively manage information security risk and further improve security posture and maturity.
  • Automate common repetitive audit tasks to reduce time and effort spent in preparing for internal and external audits.
  • Build continuous security management, monitoring and testing capabilities within a cloud native environment.
  • Evaluate the design and effectiveness of controls, and track, monitor and assist process owners with remediation plans.
  • Remain up-to-date on legal and regulatory changes, emerging threats and evolving technologies and implement appropriate control mechanisms based on risks within Hinge Health’s environment.
  • Gather and maintain a library of objective evidence to show ongoing compliance with the documented controls.
  • Ability to put into practice security & privacy frameworks & standards such as ISO 27001, SOC2, GDPR, HITRUST and HIPAA.
  • Provide information to external business partners and customers on Hinge Health’s internal security capabilities and practices in support of business objectives.

WHAT WE'RE LOOKING FOR

  • Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent work experience.
  • Experience in public accounting and/or internal audit functions involving public companies with exposure to advanced information system audit techniques, including but not limited to SOX 404, NIST SP 800-53, NIST CSF, HITRUST, PCI DSS, SOC 1, SOC 2, ISO 27001, etc.
  • 5+ years of experience in Information Security and experience driving security risk management activities
  • At least three (3) years of experience performing IT General Controls (ITGCs) and/or IT Application Controls assessments; evaluating risk-based principles and executing audit programs.
  • Experience building an information security and third-party security risk management program while collaborating with cross functional teams to effectively manage risk.
  • Experience conducting data-driven security risk assessments.
  • Deep working knowledge of relevant compliance, privacy, and regulatory frameworks (e.g., HIPAA, HITRUST, SOX, GDPR).
  • Subject matter expertise of common information security management frameworks (e.g., HITRUST, NIST) and healthcare regulations.
  • Knowledge of a cloud-services environment
  • Experience with designing GRC processes including requirements gathering, process reviews and development, and implementation.
  • Excellent written, verbal and nonverbal communication skills, including the ability to communicate security and risk-related concepts to technical and nontechnical audiences at all levels of the organization as well as third-party executive and government agencies.
  • Motivate, inspire, and create a positive work/team culture: You successfully maintain a high level of motivation, positive can-do attitude, and inclusive culture in your teams.
  • Remote eligibility, with a strong preference for candidates near San Francisco, New York or Minneapolis.

WHAT SHAPES OUR COMPANY

  • Trust: We trust our teammates to always act in the team and company’s best interest. 
  • Hustle: We’re creative, we’re unrelenting, we find a way.
  • Effective communication: We’re prompt and concise. 
  • Learn-it-all (vs know-it-all): We’re always willing to learn. 
  • Frugal: We don’t waste money and especially not time.

WHAT YOU'LL LOVE ABOUT US

  • Competitive compensation with meaningful equity
  • Medical, Dental, Vision, Disability and Life Insurance (We cover 100% of your premium and 75% for your dependents) 
  • Flexible PTO
  • FSA/HSA accounts
  • Family & fertility benefit through Maven Clinic
  • 401K match 
  • 3 months paid parental leave
  • Professional Development budget 
  • Quarterly lifestyle benefit to use towards WFH equipment & fitness
  • Generous mental health stipend
  • Work from home policy
  • Opportunity to join a fantastically talented, diverse, and passionate team at a pivotal time in the company’s lifecycle

New York City salary range: $160,000 - $200,000

New York salary range: $136,000 - $170,000

If you're interested - we'd love to hear from you. No recruiters, please.

Hinge Health is proud to be an Equal Employment Opportunity and Affirmative Action employer.
We make employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

Hinge Health is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you feel you need assistance or an accommodation due to a disability, please let us know by reaching out to your Recruiter and we'll work with our accommodations team to evaluate your request.

We celebrate diversity and are committed to creating an inclusive environment for all employees.

Hinge Health is an E-Verify employer.

The only solution that meets members where they are at every stage of the musculoskeletal care continuum: prevention, acute, chronic, and pre/post-surgery.

Founded: 2015
Employees: 201-500
Industry: Health Care Providers & Services
Total raised: $130M

This job is no longer available