Define and evolve security governance and risk management strategy, aligning function-level priorities with enterprise objectives and the security roadmap.
Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.
Manage and hold accountable a third-party GRC services vendor, ensuring delivery quality, prioritization, and alignment to Clover’s risk appetite.
Information Security, GRC, Risk Management, HIPAA, Stakeholder Management
Responsible for managing and growing a comprehensive third-party risk management program across the organization.
Ensuring that Privia Health's information assets are safeguarded against cyber threats originating from third and fourth parties.
Leading the Third Party Access Committee (TPAC), driving compliance with regulations and implementing industry best practices for vendor risk management.
Privia Health is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care. The Privia Platform is led by top industry talent and exceptional physician leadership.
Own Security Governance: maintain and evolve security policies, standards, and control frameworks.
Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence, contracting handoffs, ongoing monitoring.
Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale.
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. The majority of their roles are remote. They offer competitive benefits anchored to the core value of people come first.
Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.
Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.
Responsible for comprehensive information security risk assessments of third-party vendors.
Evaluate vendors to ensure they meet internal information security policies, HIPAA, PCI DSS requirements, and applicable regulatory standards.
Thoughtfully analyze vendor-provided documentation, proactively identify potential risks, and produce detailed and accurate assessment reports.
Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and reproductive health care. They have health centers, programs in schools and communities, and online resources, and are a trusted source of reliable education and information.
Execute end-to-end third-party and vendor risk assessments.
Develop, maintain, and enhance risk metrics, dashboards, and reporting.
Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives.
Aprio is a Top 20 CPA and advisory firm that accounts for anything. With over 3,200 team members and 40 U.S. office locations, plus international offices, they bring proven expertise and strategic foresight to fast-growing industries.
Execute healthcare advisory engagements including Governance, Risk, and Compliance (GRC) assessments.
Virginia General delivers specialized governance, risk, compliance, and resilience advisory services within the healthcare sector. They help healthcare organizations navigate complex regulatory landscapes and cybersecurity challenges.
Maintain documentation for ISO/IEC 27001 & ISO/IEC 42001; improve activities.
Extract security requirements from client MSAs; identify gaps and risks.
Coordinate internal and client audit requests; collect evidence.
Avalere Health's mission is to ensure every patient is identified, treated, supported, and cared for. They bring Advisory, Medical, and Marketing teams together to forge unconventional connections, building a future where healthcare is not a barrier and no patient is left behind.
Conduct ongoing risk reviews and maintain an up-to-date risk register.
Support risk assessments across critical business processes and systems.
Partner with stakeholders to develop and track risk mitigation plans through resolution.
Radicle Health offers human services software products to foster collaboration and innovation, aiding organizations in better serving communities. They believe technology is crucial for the human services sector's success, housing mission-driven products that support organizations in delivering essential services.
Mature and execute the enterprise risk management framework.
Lead day-to-day execution of Akoya’s cybersecurity program.
Oversee corporate IT governance in partnership with the IT Systems Administrator.
Akoya is building a secure API-driven open finance network. They value diverse experiences and encourage everyone to apply, especially those who will bring something new to the table.
Lead the development of executive-level reporting on IT risk and compliance.
Own and evolve the firm’s IT risk register and Risk & Control Self-Assessment (RCSA) program.
Analyze incident, change, and problem management data to identify trends and improvement opportunities.
Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. The firm has approximately 1,100 attorneys in 17 offices and fosters an entrepreneurial spirit and team-oriented approach for all employees.
Lead end-to-end investigations into compliance and ethics.
Translate complex regulations into practical guidance.
Identify systemic risks and ensure robust remediation.
Rula is dedicated to treating the whole person and aims to create a world where mental health is embraced as an integral part of one's overall well-being. They are a remote-first company that is dedicated to having a culture of inclusion that will support their employees.
Own end-to-end compliance strategy and operations.
Conduct risk assessments and identify compliance risks.
Build compliance programs from ground up and coordinate compliance audits.
Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.
Apply compliance frameworks to assess, design, and implement security controls.
Conduct compliance gap assessments and develop remediation plans.
Create and maintain key documentation tailored to client needs.
AHEAD builds platforms for digital business by weaving together advances in cloud infrastructure, automation and analytics, and software delivery. They prioritize creating a culture of belonging where all perspectives and voices are represented, valued, respected, and heard.
Execute and improve security controls, manage user and privileged access.
Run monitoring and response activities, and coordinate recurring program work.
Work cross-functionally with teammates across IT, Legal, Compliance, and business teams.
Evio is a pharmacy solutions company that was founded by and works closely with health plans to implement transformative initiatives. They have invested heavily in their people, team, and culture, creating a special place to work.
Design Governance Structures, Decision Rights, and Accountability.
Build and Operationalize Governance Artifacts and Routines.
Artemis Connection is a strategic management consultancy working across the for-profit, public, and social sectors. They are passionate about helping innovative and entrepreneurial leaders reach their goals through a customized, project-based approach. The team is made up of seasoned consultants trained at organizations such as McKinsey & Company, BCG, Bain, Big 4 Strategy, and elite educational institutions.
Keep our security and compliance documentation accurate and up to date.
Support our commercial teams in complex information security and compliance negotiations.
Take ownership of maintaining our current ISO 27001 compliance and certification.
Gearset is trusted by some of the largest companies in the world to handle their Salesforce DevOps. They are committed to protecting data through a modern approach to security and compliance.