About The Position

At Stellar Health, we help primary care providers put patient health first. Our platform - a mix of technology, people, and analytics - supports providers at the point of care, delivering real-time patient information, activating practice staff, and empowering providers and care teams with incentives that reward the work they are already doing to keep patients healthy. Using the Stellar App, our web-based, point-of-care tool, practices receive a simple checklist of recommended actions that support the best quality care. Providers and care teams are then paid monthly for each action they complete, and Payors save money in reduced healthcare costs along the way. Stellar is a US-based Health-tech backed by Top VCs (General Atlantic, Point72, & Primary Venture Partners) with an established product & proven operating model. We've shown that we make a real difference for physician practices and their patients.

Stellar Health is looking for a Senior Manager - Information Security, Governance, Risk, and Compliance to help prioritize and drive our Information Security program and investments. This role will report to our Senior Director, IT & Security. We are looking for an individual who is passionate about building, scaling, and maintaining security governance processes that are thoughtfully designed for external users, customers, auditors, and teammates alike. You will have the autonomy and authority to approve or reject evidence submissions, accept low-risk exceptions, approve compensating controls, and close audits.

Stellar Health operates in the HealthTech space and is HITRUST R2 certified. This role will help ensure our security program is as effective, organized, and proactive as possible by:

  • Reducing the effort to maintain and demonstrate our alignment to HITRUST by maximizing our use of Vanta to automate the collection of evidence, maintain up-to-date documentation, and deploy continuous testing of controls.
  • Aligning with our cross-functional teams as they deliver on their controls and support our security processes, ensuring clarity and accountability for all parties.
  • Leading our annual and ongoing risk assessment processes, including managing the risk register and mitigation plans.
  • Enabling company growth acceleration by facilitating the strategic and thoughtful completion of customer and vendor security reviews.
  • Overseeing incident response processes, supporting documentation, and corrective actions.
  • Deploying and managing the third-party vendor management program and processes.
  • Overseeing the selection and deployment of security-related training across the enterprise.
  • Creating and managing dashboards and other materials that keep leadership informed and support Committee and Board meetings.

How you'll make an impact:

Within your first month, you should have a solid foundation of our current security posture, controls, and security processes: what is working well and where there are gaps. You will use this foundation to build a longer-term roadmap for our GRC efforts. Additionally, you will:

  • Support our interim HITRUST assessment with a focus on open items that could require remediation.
  • Review the current GRC tooling environment and produce a plan for enhancements.
  • Prioritize a list of improvements to the third-party vendor management program.
  • Implement improvements to current evidence collection processes and/or automations.
  • Facilitate the interim HITRUST assessment with the external auditing firm.
  • Implement 1-2 improvements to the GRC tooling environment.
  • Refresh our customer-facing trust center.
  • Create a remediation plan for HITRUST gaps, if any, including timelines and commitments from business owners.
  • Establish a process to review high-risk applications and systems with System Owners to ensure they align to any applicable security standards/controls and other security recommendations.

Requirements

  • 8-10 years of security program experience, with 4-5 years of direct experience building and implementing GRC tooling and processes
  • Familiarity and experience helping design controls in AWS cloud environments and infrastructure that meet regulatory commitments
  • Demonstrated experience with Vanta
  • Demonstrated experience with security monitoring tools including:
      • Crowdstrike
      • Panther
      • DefectDojo
      • AWS native security tooling (Inspector, Config, SecurityHub)
  • Experience leading audits of security frameworks (e.g. SOC 2 Type 2, ISO 27001, HITRUST). Preference given to those with HITRUST experience.

Responsibilities

  • Reducing the effort to maintain and demonstrate our alignment to HITRUST by maximizing our use of Vanta to automate the collection of evidence, maintain up to date documentation, and deploy continuous testing of controls.
  • Aligning with our cross-functional teams as they deliver on their controls and support our security processes, ensuring clarity and accountability for all parties.
  • Leading our annual and ongoing risk assessment processes, including managing the risk register and mitigation plans
  • Enabling company growth acceleration by facilitating the strategic and thoughtful completion of customer and vendor security reviews
  • Overseeing incident response processes, supporting documentation, and corrective actions
  • Deploying and managing the third-party vendor management program and processes.
  • Overseeing the selection and deployment of security-related training across the enterprise
  • Creating and managing dashboards and other materials that keep leadership informed and support Committee and Board meetings
  • Support our interim HITRUST assessment with a focus on open items that could require remediation
  • Review the current GRC tooling environment and produce a plan for enhancements
  • Prioritize a list of improvements to the third party vendor management program
  • Implement improvements to current evidence collection processes and/or automations
  • Facilitate the interim HITRUST assessment with the external auditing firm
  • Implement 1-2 improvements to the GRC tooling environment
  • Refresh our customer facing trust center
  • Create a remediation plan for HITRUST gaps, if any, including timelines and commitments from business owners
  • Establish a process to review high risk applications and systems with System Owners to ensure they align to any applicable security standards/controls and other security recommendations

Benefits

  • Medical, Dental and Vision Benefits
  • Flexible PTO
  • Universal Paid Family Leave
  • Company sponsored One Medical memberships and Citibike memberships
  • Medical Travel Benefits
  • A monthly wellness stipend that gives employees the freedom to choose where they spend their cash, whether it be on wellness, pet care, childcare, WFH items, or charitable donations
  • Stock Options & a 401k matching program
  • Career development opportunities like Manager Training, coaching, and an internal mobility program
  • A broad calendar of company-sponsored social events for our in-office and remote employees

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

No Education Listed

Number of Employees

101-250 employees