Execute end-to-end third-party and vendor risk assessments.
Develop, maintain, and enhance risk metrics, dashboards, and reporting.
Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives
Aprio is a Top 20 CPA and advisory firm that accounts for anything. With over 3,200 team members and 40 U.S. office locations, plus international offices, they bring proven expertise and strategic foresight to fast-growing industries.
Conduct risk assessments for critical and operationally significant third-party entities.
Identify, track, and drive remediation of control gaps and security risks uncovered throughout the assessment lifecycle.
Partner closely with cross-functional teams to manage third-party risk holistically and stay ahead of emerging risks, including generative and agentic AI.
HealthEquity's mission is to save and improve lives by empowering healthcare consumers. They envision making HSAs as widespread and popular as retirement accounts and they are passionate about providing a solution that allows American families to connect health and wealth.
Own Security Governance: maintain and evolve security policies, standards, and control frameworks.
Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence, contracting handoffs, ongoing monitoring.
Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale.
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. The majority of their roles are remote. They offer competitive benefits anchored to the core value of people come first.
Responsible for comprehensive information security risk assessments of third-party vendors.
Evaluate vendors to ensure they meet internal information security policies, HIPAA, PCI DSS requirements, and applicable regulatory standards.
Thoughtfully analyze vendor-provided documentation, proactively identify potential risks, and produce detailed and accurate assessment reports.
Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and reproductive health care. They have health centers, programs in schools and communities, and online resources, and are a trusted source of reliable education and information.
Define and evolve security governance and risk management strategy, aligning function-level priorities with enterprise objectives and the security roadmap.
Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.
Manage and hold accountable a third-party GRC services vendor, ensuring delivery quality, prioritization, and alignment to Clover’s risk appetite.
Clover Health is reinventing health insurance by combining data with human empathy to keep members healthier. They've created custom software and analytics to empower their clinical staff to intervene and provide personalized care. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.
Responsible for managing and growing a comprehensive third-party risk management program across the organization.
Ensuring that Privia Health's information assets are safeguarded against cyber threats originating from third and fourth parties.
Leading the Third Party Access Committee (TPAC), driving compliance with regulations and implementing industry best practices for vendor risk management.
Privia Health is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care. The Privia Platform is led by top industry talent and exceptional physician leadership.
Lead the development of executive-level reporting on IT risk and compliance.
Own and evolve the firm’s IT risk register and Risk & Control Self-Assessment (RCSA) program.
Analyze incident, change, and problem management data to identify trends and improvement opportunities.
Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. The firm has approximately 1,100 attorneys in 17 offices and fosters an entrepreneurial spirit and team-oriented approach for all employees.
Conduct ongoing risk reviews and maintain an up-to-date risk register.
Support risk assessments across critical business processes and systems.
Partner with stakeholders to develop and track risk mitigation plans through resolution.
Radicle Health offers human services software products to foster collaboration and innovation, aiding organizations in better serving communities. They believe technology is crucial for the human services sector's success, housing mission-driven products that support organizations in delivering essential services.
Lead end-to-end PCI DSS compliance, including CDE scoping and reduction, control implementation/validation, and audit management.
Lead and support SOC 2 Type II attestation initiatives, including TSC mapping, evidence collection, control testing, and remediation tracking
Own the Third-Party Risk Management (TPRM) program, including vendor tiering, risk assessments, and security reviews
HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership.