openashbyhqnotation
Senior Manager - Information Security, Governance, Risk, Compliance
Stellar Health
LocationRemote
WorkplaceRemote
EmploymentFullTime
Posted2026-04-02T20:02:32.139+00:00
Last observed2026-06-13 05:23:47.166566
Job idnotation-stellar-health:ashbyhq:ea4ba297-f81d-4207-b1d7-9c49e1c6f6ca
About Stellar Health: Historically, US Healthcare has relied on a fee-for-service reimbursement system where providers are paid based on the quantity of patient visits and procedures, rather than the quality of health outcomes. At Stellar Health, we help primary care providers put patient health first. Our platform - a mix of technology, people, and analytics - supports providers at the point of care, delivering real-time patient information, activating practice staff, and empowering providers and care teams with incentives that reward the work they are already doing to keep patients healthy. Using the Stellar App, our web-based, point-of-care tool; practices receive a simple checklist of recommended actions that support the best quality care. Providers and care teams are then paid monthly for each action they complete, and Payors save money in reduced healthcare costs along the way. Stellar is a US-based Health-tech backed by Top VCs (General Atlantic, Point72, & Primary Venture Partners) with an established product & proven operating model. We’ve shown that we make a real difference for physician practices and their patients. Stellar Health is looking for a Senior Manager - Information Security, Governance, Risk, and Compliance to help prioritize and drive our Information Security program and investments. This role will report to our Senior Director, IT & Security. We are looking for an individual who is passionate about building, scaling, and maintaining security governance processes that are thoughtfully designed for both external users, customers, auditors, and teammates. You will have the autonomy and authority to approve or reject evidence submissions, accept low-risk exceptions, approve compensating controls, and close audits. Stellar Health operates in the HealthTech space and is HITRUST R2 certified. This role will help ensure our security program is as effective, organized, and proactive as possible by: - Reducing the effort to maintain and demonstrate our alignment to HITRUST by maximizing our use of Vanta to automate the collection of evidence, maintain up to date documentation, and deploy continuous testing of controls. - Aligning with our cross-functional teams as they deliver on their controls and support our security processes, ensuring clarity and accountability for all parties. - Leading our annual and ongoing risk assessment processes including the managing the risk register and mitigation plans - Enabling company growth acceleration by facilitating the strategic and thoughtful completion of customer and vendor security reviews - Overseeing incident response processes, supporting documentation, and corrective actions - Deploying and managing the third-party vendor management program and processes. - Oversees the selection and deployment of security related training across the enterprise - Creating and managing dashboards and other materials that keep leadership informed and support Committee and Board meetings How you'll make an impact: Within your first month, you should have a solid foundation of our current security posture, controls, and security processes, what is working well and where there are gaps. You will use this foundation to build a longer term roadmap for our GRC efforts. Additionally, you will: - Support our interim HITRUST assessment with a focus on open items that could require remediation - Review the current GRC tooling environment and produced a plan for enhancements - Prioritize a list of improvements to the third party vendor management program - Implement improvements to current evidence collection processes and/or automations - Facilitated the interim HITRUST assessment with the external auditing firm - Implemented 1-2 improvements to the GRC tooling environment - Refresh our customer facing trust center - Create a remediation plan for HITRUST gaps, if any, including timelines and commitments from business owners - Establish a process to review high risk applications and systems wit
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.