Hinge Health is moving people beyond pain by transforming the way it is treated and prevented. Connecting people digitally and in-person with expert clinical care, we combine advanced technology, AI and a care team of experts to guide people through personalized care directly from their phone. Our approach is proven to reduce pain by 68%, prevent 42% of new opioid prescriptions, and avoid more than half of joint replacement surgeries. Available to 18M people, Hinge Health is trusted by leading health plans and employers, including Land O’Lakes, L.L. Bean, Salesforce, Self-Insured Schools of California, Southern Company, State of New Jersey, US Foods, and Verizon.
Here at Hinge Health, we welcome all applicants and know a diverse team makes us better and stronger. We look for individuals who embody our leadership principles and we value varied experiences and skill sets. Beyond specific work experience, we also look for unique capabilities and skill sets that are key indicators an applicant will thrive in our fast-paced, frequently evolving environment. If this sounds like the kind of place you’d like to be part of, please apply - we would love to hear from you!
Hinge Health Hybrid Model:
We believe that remote work and in-person work have their own advantages and disadvantages, and we want to be able to leverage the best of both worlds. Employees in hybrid roles are required to be in the office 2 days/week. We will be expanding to 3 days/week in the office beginning April of 2024.
About the Role
The Lead Security Risk Specialist position will be primarily responsible for managing responses to security inquiries from customers, partners, and other key organizational stakeholders. This role will also help further mature and maintain a comprehensive risk management program to identify, evaluate and monitor various information and third party security risks. This position will work closely with cross functional teams to ensure that information security risks associated with critical Hinge Health assets, data, operations, and third-party relationships are properly identified and effectively managed.
The ideal candidate should be passionate about security, eager to drive efficiencies, embrace challenges, and able to partner with cross functional teams to address external stakeholder security requirements.
WHAT YOU’LL ACCOMPLISH
- Manage requests from external business partners and customers on Hinge Health’s internal security capabilities and practices in support of business objectives.
- Oversee third-party security assessments to ensure information security risks associated with external organizational relationships are accurately identified and appropriately managed.
- Establish partnerships with internal and external stakeholders to ensure continuous compliance with security standards and obligations.
- Lead IT audits and perform controls assessments for industry accepted frameworks such as SOX, NIST, HITRUST.
- Automate common repetitive audit tasks to reduce time and effort spent in preparing for internal and external audits.
- Build and mature Hinge Health’s security policy and control framework supporting various standards (e.g., NIST Cybersecurity Framework, ISO 27001, HITRUST) and regulatory/compliance requirements (e.g., HIPAA, Sarbanes Oxley, GDPR).

WHAT WE'RE LOOKING FOR
- Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent work experience
- 5+ years of experience in Information Security and experience driving security risk management activities
- Experience in public accounting and/or internal audit functions involving public companies with exposure to advanced information system audit techniques, including but not limited to SOX 404, NIST SP 800-53, NIST CSF, HITRUST, SOC 1, SOC 2, ISO 27001, etc.
- At least three (3) years of experience performing IT General Controls (ITGCs) and/or IT Application Controls assessments; evaluating risk-based principles and executing audit programs
- Ability to conduct third-party security risk assessments while collaborating with cross functional teams to effectively manage risk
- Understanding of cloud environments and cloud computing service deployment architecture (IaaS, PaaS, SaaS)
- Experience working with IT, Information Security, and Engineering teams to develop a strategy and program to effectively manage information security risk and improve security posture and maturity
- Excellent written, verbal and nonverbal communication skills, including the ability to communicate security and risk-related concepts to technical and nontechnical audiences at all levels of the organization as well as third-party executive and government agencies
About Hinge Health:
LinkedIn recently named Hinge Health one of the Top 50 Startups. Forbes, Fast Company, and Inc. have also recognized our technology, innovation, and culture.
Since our founding in 2014, we've raised more than $800 million from leading investors, including Coatue and Tiger Global. We work with 1000 customers across every industry and the public sector — including Salesforce, Verizon, and the State of New Jersey — to give more than 23 million people access to the care they need. We’re positioned to continue leading the market with unmatched investments in clinical research, care innovation, machine learning, AI, and computer vision.
Diversity and Inclusion:
Hinge Health is an equal opportunity employer and prohibits discrimination and harassment of any kind. We make employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.
We provide reasonable accommodations for candidates with disabilities. If you feel you need assistance or an accommodation due to a disability, let us know by reaching out to your recruiter.
By providing your information through this page or applying for a job at Hinge Health, you acknowledge that Hinge Health will collect, use, and process your information as part of our job application process. For more information on how Hinge Health processes your personal information, click here to view our Applicant and Personnel Privacy Notice.
Disclaimer:
There continues to be a significant increase in phishing attempts across all industries where fraudsters are impersonating real employees and sending fictitious job offers to applicants in a scheme to obtain sensitive information. Please note that we will never ask for your financial information at any part of the interview process including the post-offer stage, and will only correspond through @hingehealth.com domain email addresses.
If you encounter any suspicious activity, we recommend you cease all communication with the individual and consider reporting them to the U.S. FBI Internet Crime Complaint Center. If you would like to verify the legitimacy of an email you received from our recruiting team, please forward it to security@hingehealth.com.
*Please do not send resumes via email*