Security Risk Program Lead

About The Position

Requirements

• You have deep experience building and operating security or enterprise risk management programs (not just managing projects) and a strong bias toward execution in fast-paced environments.
• You bring strong knowledge of healthcare security, privacy, and compliance frameworks (HIPAA, SOC 2, HITRUST) and can navigate regulatory obligations without sacrificing speed or innovation.
• You have exceptional stakeholder management and communication skills, including a track record of influencing senior leaders and translating complex risk concepts into actionable business guidance.
• You are a strong program manager with a structured approach to prioritization, documentation, and cross-functional alignment.

Nice To Haves

• Experience scaling risk programs at high-growth or pre-IPO tech companies, prior ownership of vendor risk programs, or familiarity with GRC tooling and automation.

Responsibilities

• Build and mature Grow's enterprise security risk management program, including risk identification, assessment, prioritization, remediation tracking, and maintaining a comprehensive risk register that informs business decisions.
• Lead the charge on AI risk management: Security sits within Grow’s Internal Foundations pillar, which is building company-wide infrastructure to support AI adoption. You’ll be in an incredible position to influence safe and thoughtful adoption of AI tooling at the enterprise level.
• Own the third-party/vendor security risk management program, streamlining review workflows to support business velocity while ensuring robust security oversight of partners and vendors.
• Drive audit readiness and external certifications (SOC 2, HIPAA-aligned assessments, HITRUST readiness) in close partnership with Legal and Compliance, reducing repeat findings and improving remediation timelines.
• Develop and deliver executive-level risk reporting and readouts that translate technical and security risks into clear business impact, enabling leadership to make informed, risk-aware tradeoffs as the company scales.
• Partner proactively across Security Engineering, Product, Engineering, and Operations to embed security and risk awareness into planning and decision-making cycles—positioning security as a strategic enabler rather than a gatekeeper.

Benefits

• Comprehensive Health Coverage: Medical, dental, and vision insurance, plus life and disability coverage.
• Parental Leave & Family Support: Up to 18 weeks paid leave and a new child stipend.
• Financial Wellness: 401(k) program and equity opportunities.
• Meals & Home Office Support: Stipends for home office setup and ongoing funds for meals, with tailored perks for both remote and in-office employees.
• Time Off to Recharge: Flexible PTO, 12 paid holidays, and a full winter break week.
• Wellness & Development: Annual stipends to put towards personal & professional growth.
• Mental & Physical Health Support: No-cost access to therapy through the Grow platform, weekly flexible hours for self-care (“Mental Health Mornings/Afternoons”) and memberships to leading wellness apps (such as One Medical, Headspace, and Talkspace).
• Extra Perks: Pet insurance discounts, commuter benefits, and global travel assistance.