Security Manager

About The Position

Requirements

• 3–7+ years of experience in security, compliance, IT risk, or related field.
• Direct experience with SOC 2 Type II and/or HIPAA compliance initiatives.
• Strong familiarity with common GRC tools and compliance automation platforms.
• Experience drafting policies, procedures, and technical security documentation.
• Ability to manage audits, communicate with auditors, and gather required evidence.
• Understanding of security best practices (access control, encryption, logging, vulnerability management, cloud security).
• Excellent organizational, project management, and cross-functional communication skills.
• Bachelor’s Degree or relevant certifications
• Successful candidate must be able to successfully complete a background check and drug screening.

Nice To Haves

• Experience in a SaaS, cloud-native, or healthcare IT environment.
• Knowledge of AWS, Azure, or other cloud security frameworks.
• Experience with HITRUST, ISO 27001, or NIST frameworks.
• Relevant certifications (e.g., CISSP, CISA, CISM, HCISPP, Security+, CCSFP).

Responsibilities

• Certification Program Development
• Lead the company’s SOC 2 Type II and HIPAA compliance initiatives from planning through certification.
• Develop, draft, and maintain security, IT, and privacy policies aligned with SOC 2, HIPAA, NIST, and other relevant standards.
• Establish and maintain a security roadmap, including milestones, control gaps, remediation steps, and timelines.
• GRC Tool Ownership
• Implement, configure, and administer the company’s GRC platform.
• Map controls, evidence sources, workflows, and automated tests within the GRC tool.
• Ensure continuous monitoring and automated evidence collection is accurate and functioning.
• Work with MarketProminence team to correct any findings.
• Audit & Certification Management
• Serve as the primary liaison for external auditors, assessors, and compliance partners.
• Prepare audit-ready documentation, evidence, and controls for SOC 2 Type II and HIPAA audits.
• Coordinate and track internal control testing and remediation actions.
• Maintain readiness for annual recertification and surveillance audits.
• Policy & Process Implementation
• Train internal teams on new policies, procedures, and compliance requirements.
• Collaborate with Engineering and DevOps to implement technical security controls (e.g., logging, access management, encryption, vulnerability management).
• Ensure proper implementation and documentation of administrative, physical, and technical safeguards required for HIPAA.
• Client Security Requests
• Manage client and prospect security questionnaires.
• Maintain standardized responses and supporting documentation.
• Participate in security review calls with clients as needed.
• Risk Management & Internal Oversight
• Maintain the MarketProminence risk register and ensure timely risk assessments.
• Oversee third-party vendor security evaluations and monitoring.
• Participate in incident response planning, tabletop exercises, and post-incident reviews.
• Monitor and report on compliance KPIs and risk posture to leadership.
• Continuous Improvement
• Stay current with regulatory requirements and industry frameworks (e.g., SOC 2, HIPAA).
• Recommend and implement improvements to enhance the company’s security and compliance posture.
• Evaluate and introduce new tools, processes, and automation opportunities.

Benefits

• Medical, vision, and dental plans for full time employees
• 401(k) offered with a generous match
• Benefits begin on first day of the month following employment
• Exercise/Health Club reimbursement opportunity
• Monthly dependent care reimbursement opportunity
• Short Term and Long-Term disability
• Basic Term Life and AD&D Insurance
• Generous PTO and Company Paid Holidays