Senior Security Risk Specialist (Remote) - Hinge Health, United States

Listing Description

Hinge Health is building the world’s most patient-centered Digital Musculoskeletal (MSK) Clinic™. It is now the leading Digital MSK Clinic, used by four in five employers and 90% of health plans with a digital MSK solution. Hinge Health reduces MSK pain, surgeries, and opioid use by pairing advanced wearable sensors and computer vision technology with a comprehensive clinical care team of physical therapists, physicians, and board-certified health coaches.

The company launched a nationally accessible Women’s Pelvic Health program to address the unique MSK needs of women. Hinge Health’s HingeConnect integrates with 1 million + in-person providers and enables real-time interventions for elective MSK surgeries, driving proven medical claims reduction. Available to millions of members, Hinge Health is widely trusted by leading organizations, including Land O’Lakes, L.L. Bean, Salesforce, Self-Insured Schools of California, Southern Company, State of New Jersey, US Foods, and Verizon.

To Learn more about our company & culture please visit:

The Senior Security Risk position will be responsible for leading internal and external security risk assessments. This role will help further define and maintain a comprehensive risk management program to identify, evaluate and monitor various information security risks. This position will work closely with cross-functional teams to ensure that information security risks associated with critical Hinge Health assets, data, and operations are properly identified and effectively managed.

THINGS YOU’LL ACCOMPLISH
  • Build and mature Hinge Health’s security policy and control framework supporting various standards (e.g., NIST Cybersecurity Framework, ISO 27001, HITRUST) and regulatory/compliance requirements (e.g., HIPAA, Sarbanes-Oxley, GDPR).
  • Strong emphasis will be on planning and executing IT audits, as well as performing controls assessments for industry-accepted frameworks such as SOX, NIST, HITRUST.
  • Plan & lead complex assessments for IT general and application controls in the areas of system development, Identity and Access Management (IAM), logging and monitoring, vulnerability management, change management, logical access, data networks, computer operations, business continuity and disaster recovery.
  • Deliver technical guidance related to enhancing the security posture of information systems solutions.
  • Work closely with IT, Information Security, and Engineering teams to develop a strategy and program to effectively manage information security risk and further improve security posture and maturity.
  • Automate common repetitive audit tasks to reduce time and effort spent in preparing for internal and external audits.
  • Build continuous security management, monitoring and testing capabilities within a cloud native environment.
  • Evaluate the design and effectiveness of controls, as well as track, monitor and assist process owners with remediation plans.
  • Remain up-to-date on legal and regulatory changes, emerging threats and evolving technologies and implement appropriate control mechanisms based on risks within Hinge Health’s environment.
  • Gather and maintain a library of objective evidence to show ongoing compliance with the documented controls.
  • Ability to put into practice security & privacy frameworks & standards such as ISO 27001, SOC2, GDPR, HITRUST and HIPAA.
  • Provide information to external business partners and customers on Hinge Health’s internal security capabilities and practices in support of business objectives.

WHAT WE’RE LOOKING FOR
  • Bachelor's Degree in Computer Science, Information Systems Management, or other related fields or equivalent experience
  • Minimum 7 years of experience in security, risk assessments, or advisory work within a highly technical environment
  • Familiarity with all NIST 800-53 control family requirements
  • Minimum 5 years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. HITRUST, SOC1, SOC 2, PCI)
  • Minimum 4 years of experience in developing, reviewing, updating system documentation in support of an Authorization to Operate
  • Minimum 4 years of experience in supporting continuous security monitoring, risk assessments, or IT audit activities
  • Experience with cloud computing service deployment architecture (IaaS, PaaS, SaaS) 
  • Highly effective oral and written communication skills and demonstrated ability to effectively interact with senior and executive levels
  • Have a record of delivery of IT process improvement projects with technology processes
  • Ability to investigate and analyze technical and regulatory issues with applicability to cloud services
  • Have experience in performing technical assessments and audits of network, operating systems, application security, as well as auditing IT processes
  • Ability to work efficiently and independently in a fast-paced, high-volume environment
  • CISA, CISM, CISSP, CCSP 

WHAT YOU’LL LOVE ABOUT US
  • Competitive compensation with meaningful equity
  • Medical, Dental, Vision, Disability and Life Insurance (We cover 100% of your premium and 75% for your dependents) 
  • Flexible PTO
  • FSA/HSA accounts
  • Family & fertility benefit through Maven Clinic
  • 401K match 
  • 3 months paid parental leave
  • Professional Development budget 
  • Quarterly lifestyle benefit to use towards WFH equipment & fitness
  • Generous mental health stipend
  • Work from home policy
  • Opportunity to join a fantastically talented, diverse, and passionate team at a pivotal time in the company’s lifecycle

    Pursuant to State Fair Pay Act, below is a summary of compensation elements for this role at the company if based in the following locations:

    Colorado & New York State annual salary: $104,160 - $156,240

    New York City annual salary: $124,000 - $186,000

    ________________________

    We want to make you aware that there continues to be a significant increase in phishing attempts across all industries where fraudsters are impersonating real HR employees and sending fictitious job offers to applicants in a scheme to obtain sensitive information.

    Please note that we will never ask for your financial information at any part of the interview process including the post-offer stage, and will only correspond through @hingehealth.com domain email addresses.

    If you encounter any suspicious activity, we recommend you cease all communication with the individual and consider reporting them to the US FBI Internet Crime Complaint Center.

    If you would like to verify the legitimacy of an email you received from our recruiting team, please forward it to security@hingehealth.com.

    If you're interested - we'd love to hear from you. No recruiters, please.

    Hinge Health is proud to be an Equal Employment Opportunity employer.
    We make employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

    Hinge Health is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you feel you need assistance or an accommodation due to a disability, please let us know by reaching out to your Recruiter and we'll work with our accommodations team to evaluate your request.

    We celebrate diversity and are committed to creating an inclusive environment for all employees.







    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.
