
Americas APAC

  • Support HITRUST readiness and assessment projects by assisting with documentation collection, review, and organization.
  • Help track and validate evidence provided by clients against HITRUST requirements.
  • Assist with control mapping and documentation preparation under the guidance of senior auditors.

HITRUST HIPAA SOC 2 ISO 27001 NIST

20 jobs similar to Junior HITRUST Assessor

Jobs ranked by similarity.

$135,800–$231,000/yr
US 4w PTO 16w maternity 8w paternity

  • Oversee the internal cybersecurity program, road map, and strategy.
  • Partner with Product, Engineering, Legal, and Compliance leadership to determine risks and deploy risk management processes.
  • Serve as Waymark’s HIPAA Security Officer, ensuring compliance with the HIPAA Security Rule.

Waymark is a mission-driven team transforming care for people with Medicaid benefits. They partner with communities, delivering technology-enabled, human-centered support to help patients stay healthy and thrive in Medicaid healthcare delivery.

Europe 5w PTO

  • Maintain documentation for ISO/IEC 27001 & ISO/IEC 42001; improve activities.
  • Extract security requirements from client MSAs; identify gaps and risks.
  • Coordinate internal and client audit requests; collect evidence.

Avalere Health's mission is to ensure every patient is identified, treated, supported, and cared for. They bring Advisory, Medical, and Marketing teams together to forge unconventional connections, building a future where healthcare is not a barrier and no patient is left behind.

US

  • Execute healthcare advisory engagements including Governance, Risk, and Compliance (GRC) assessments.

Virginia General delivers specialized governance, risk, compliance, and resilience advisory services within the healthcare sector. They help healthcare organizations navigate complex regulatory landscapes and cybersecurity challenges.

North America 5w PTO

  • Enhances the strategic pillars of a security compliance program and facilitates day-to-day compliance operations.
  • Involved in multiple areas of the business where compliance and security impact operations.
  • Works on assignments that are complex and require professional skepticism, judgment, initiative, and knowledge of SaaS Company positions.

Optro is the leading audit, risk, ESG, and InfoSec platform on the market, surpassing $300M ARR and continuing to grow. More than 50% of the Fortune 500 leverage their award-winning technology. They inspire each other to innovate and are proud of what they are producing.

Canada 6w PTO

  • Support the execution and continuous improvement of Qohash’s security program.
  • Support risk assessments, track identified risks, and help coordinate remediation efforts.
  • Maintain security policies, standards, awareness materials, and support internal security training initiatives.

Qohash is building a foundational pillar of Canada’s digital sovereignty, believing security must scale differently. They look for bold, mission-driven individuals with technical depth and strategic clarity who collaborate across disciplines to protect sensitive data.

US

  • Support CMMC implementation efforts
  • Conduct gap assessments against CMMC/NIST SP 800-171 requirements
  • Assist with the development of and updates to the System Security Plan (SSP) and POA&M

Broadway Ventures transforms challenges into opportunities with expert program management, cutting-edge technology, and innovative consulting solutions. As an 8(a), HUBZone, and Service-Disabled Veteran-Owned Small Business (SDVOSB), they empower government and private sector clients by delivering tailored solutions that drive operational success, sustainability, and growth.

$125,000–$155,000/yr

  • Responsible for managing and growing a comprehensive third-party risk management program across the organization.
  • Ensuring that Privia Health's information assets are safeguarded against cyber threats originating from third and fourth parties.
  • Leading the Third Party Access Committee (TPAC), driving compliance with regulations and implementing industry best practices for vendor risk management.

Privia Health is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care. The Privia Platform is led by top industry talent and exceptional physician leadership.

India

  • Own end-to-end compliance strategy and operations.
  • Conduct risk assessments and identify compliance risks.
  • Build compliance programs from the ground up and coordinate compliance audits.

Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.

$100,000–$120,000/yr
US Unlimited PTO

  • Conduct ongoing risk reviews and maintain an up-to-date risk register.
  • Support risk assessments across critical business processes and systems.
  • Partner with stakeholders to develop and track risk mitigation plans through resolution.

Radicle Health offers human services software products to foster collaboration and innovation, aiding organizations in better serving communities. They believe technology is crucial for the human services sector's success, housing mission-driven products that support organizations in delivering essential services.

Europe

  • Support the execution of risk-based compliance monitoring, including data collection, control testing, and evidence gathering.
  • Assist with the annual policy review cycle: gap analysis, benchmarking, drafting revisions, and maintaining the compliance policy register.
  • Assist in preparing periodic compliance reports and KPI/KRI data for the Management Board, Supervisory Board, and Audit & Risk Committee.

Finom is a European tech startup headquartered in Amsterdam that aims to revolutionize the financial landscape for entrepreneurs worldwide. They are developing an all-in-one financial B2B solution that integrates banking functions, accounting, financial management, and invoicing into a seamless, mobile-first platform.

$120,500–$145,000/yr
US Unlimited PTO

  • Ensure smooth customer onboarding and equip them with best practices.
  • Build trusted relationships with customers to drive adoption and renewals.
  • Serve as advisor, helping customers navigate security practices.

They are focused on preventing credential leaks and building machine identity protection products. They are a fully remote, collaborative team contributing to advancements in cybersecurity and committed to open source.

US Unlimited PTO

  • Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
  • Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
  • Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.

Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.

Europe

  • Own our security and compliance documentation, keeping it accurate and up to date.
  • Support our commercial teams in complex information security and compliance negotiations.
  • Take ownership of maintaining our current ISO 27001 compliance and certification.

Gearset is trusted by some of the largest companies in the world to handle their Salesforce DevOps. They are committed to protecting data through a modern approach to security and compliance.

US

  • Identify and remediate security risks across cloud configurations to strengthen overall security posture.
  • Design and implement scalable security controls aligned with cloud, network, and identity management best practices.
  • Partner with cross-functional teams to integrate security into system design, development, and deployment processes.

Clario transforms lives by unlocking better evidence for the clinical trials industry. They are a leading provider of endpoint data solutions, with a global team of science, technology, and operational experts supporting over 70% of all FDA drug approvals since 2015.

US

  • Responsible for comprehensive information security risk assessments of third-party vendors.
  • Evaluate vendors to ensure they meet internal information security policies, HIPAA, PCI DSS requirements, and applicable regulatory standards.
  • Thoughtfully analyze vendor-provided documentation, proactively identify potential risks, and produce detailed and accurate assessment reports.

Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and reproductive health care. They have health centers, programs in schools and communities, and online resources, and are a trusted source of reliable education and information.

US

  • Communicate clearly and professionally with team members.
  • Support Provider Experience initiatives by tracking project deliverables.
  • Maintain accurate, organized documentation to support transparency across projects.

CareCentrix is committed to making home the center of care. They offer advanced home care to improve patient health and lower healthcare costs. They value caring for their employees and strive for excellence.

North America

  • Support CapIntel’s Governance, Risk, and Compliance program
  • Manage third-party risk and customer security reviews
  • Support operational security, privacy, and security awareness initiatives

CapIntel is a software platform built for wealth management enterprises to help financial advisors explain complex investment strategies to their clients. Since launching in 2019, CapIntel has seen rapid adoption and industry recognition, earning top placements in Deloitte’s Technology Fast 50 Canada and Fast 500 North America in 2025, ranking it among the fastest-growing technology companies.

US

  • Assist with the configuration and optimization of Wiz dashboards.
  • Help develop customized dashboard views for stakeholders across engineering and compliance.
  • Participate in routine cloud security posture management reviews and reporting.

Aledade is a public benefit corporation that empowers independent primary care practices. It was founded in 2014 and has become the largest network of independent primary care, helping practices deliver better care and thrive in value-based care with a collaborative, inclusive, and remote-first culture.

US

  • Lead end-to-end investigations into compliance and ethics.
  • Translate complex regulations into practical guidance.
  • Identify systemic risks and ensure robust remediation.

Rula is dedicated to treating the whole person and aims to create a world where mental health is embraced as an integral part of one's overall well-being. They are a remote-first company that is dedicated to having a culture of inclusion that will support their employees.

US

  • Serves as the premier cybersecurity authority within the TALON program.
  • Provides strategic advisory services to TSA’s IT leadership on cybersecurity risk management, security architecture, and compliance program maturity.
  • Serves as the senior cybersecurity advisor, providing real-time technical guidance to TSA stakeholders and the O&M contractor in support of rapid issue resolution.

DMI is a leading provider of digital services and technology solutions, headquartered in Tysons Corner, VA. They focus on end-to-end managed IT services, including managed mobility, cloud, cybersecurity, network operations, and application development, supporting public sector agencies and commercial enterprises around the globe.