Security GRC Manager
Cadence Solutions
Re‑architecting U.S. healthcare demands speed, precision, and an obsession with details. Cadence is building a remote care delivery system that keeps older people healthy, out of the hospital, and at home. By pairing each patient with a dedicated clinical team that reviews their health every day, versus every few months, we catch issues early and intervene before they escalate. The result: measurably better outcomes for patients and less administrative burden for clinicians.
Today, Cadence supports tens of thousands of active patients nationwide. Our AI‑powered system and scalable clinical model enable proactive, population‑level care. We’re among the fastest‑growing companies in healthtech, and we’re just getting started.
The Cadence Solutions team is seeking a Security GRC Manager, who will own and operationalize our compliance program, assess and mature our security controls, and serve as a critical bridge between security and the larger organization. This opportunity dives into technical details and builds pragmatic, defensible, healthcare-ready security practices that balance compliance with business enablement.
WHAT YOU’LL DO:
- GRC Strategy & Program Management - Mature the overall GRC strategy. Program manage GRC initiatives to ensure timely and successful completion. Drive alignment of GRC priorities with company-wide business and security goals.
- Risk Management - Lead our risk management program, conducting risk assessments, vulnerability analysis, and control testing. Identify, assess, and prioritize cybersecurity risks, and track remediation to closure. Build risk reports that communicate both technical and business impact.
- Third-Party Risk Management (TPRM) - Own and operate the company’s TPRM program, evaluating vendors, reviewing security documentation, and collaborating with requestors and Legal to assess and manage third-party risk. Maintain vendor inventories, perform risk-based reviews, and ensure ongoing monitoring and reassessments are in place.
- Compliance & Policy - Own day-to-day management of HIPAA and SOC 2 Type II compliance. Develop and maintain security policies, standards, and procedures that meet regulatory, contractual, and business needs. Ensure policies are operationalized across teams and regularly updated to reflect changes in law, contractual obligations, and security posture.
- Security Control Maturity - Collaborate with Engineering and IT teams to improve technical controls across our environment.
- AI Governance & Enablement - You’ll serve as a champion for responsible AI adoption and lead the development and implementation of an internal AI governance framework that promotes innovation while establishing appropriate safeguards. You’ll work cross-functionally to create and enforce AI usage policies that align with our security, privacy, and compliance standards, ensuring teams can explore and use AI with clarity and accountability.
- Collaboration & Communication - Cultivate strong relationships with risk owners and stakeholders to drive program buy-in and accountability. Partner cross-functionally with Legal, People, IT, Engineering and Product to embed security and compliance into core processes.
- Sales & Customer Enablement - Lead the response to security questionnaires, RFPs, and vendor risk assessments. Join customer/prospect calls as a security spokesperson and support the creation of trust-building artifacts. Translate technical risk posture into clear messaging for customers and partners.
- Security Awareness & Culture - Serve as the company’s lead security awareness advocate, driving education and engagement across the organization. Own and deliver security training programs, onboarding security orientations, newsletters, and targeted campaigns. Launch and evolve new security awareness initiatives that promote a strong security-first culture.
WHAT YOU’LL NEED:
- Compliance Subject Matter Expert - Deep understanding of HIPAA, SOC 2, and regulatory frameworks, with experience operationalizing controls in real-world, fast-paced environments.
- Third-Party Risk Management Expertise - Experience leading vendor security reviews, risk assessments, and ongoing third-party monitoring within a TPRM program.
- Builder Mindset - You proactively design and implement scalable GRC solutions that reduce friction, support growth, and eliminate checkbox security.
- Deep Security Fluency - Strong working knowledge of cloud security (AWS preferred), identity and access management, application security principles, and common security frameworks (e.g., NIST, CIS). Knowledge of product security, SDLC, and vendor management practices.
- Threat-Driven Thinking - You can assess technical risk, anticipate threats, and apply layered mitigations based on actual attacker behaviors, not just compliance requirements.
- Collaboration & Communication - Skilled at influencing across technical and non-technical teams, aligning stakeholders, and clearly communicating security risk in business terms.
- Startup Ready - Comfortable operating in ambiguity, thriving in hyper-growth environments, wearing multiple hats, and driving progress without waiting for perfection.
WHO WE ARE:
We move fast, raise standards, and own outcomes. We hire drivers, not passengers – people who take initiative, solve problems, and sweat the details because lives depend on it. Momentum matters in healthcare where slow decisions cost lives. At Cadence, we set a high bar and back each other relentlessly to clear it. If you’re ready to do the best work of your career and make a real impact in healthcare, join us.
WHAT YOU’LL GET:
- Autonomy to tackle big, complex problems that matter
- An opportunity to improve lives every single day
- A chance to shape a category‑defining company at scale
- Medical, dental, and vision insurance
- Competitive total compensation and meaningful equity
- TelaDoc (virtual primary care)
- National and local discounts powered by TriNet
- Unlimited PTO and paid holidays
- Remote equipment setup and home office stipend
- Paid Parental Leave
- 401K and 401K match
- Charitable Donation Match program
- Expected compensation range: $150K-$175K annual base salary
- Location: Remote
Cadence is committed to equal opportunity and fairness regardless of race, color, religion, sex, gender identity, sexual orientation, nation of origin, ancestry, age, physical or mental disability, country of citizenship, medical condition, marital or domestic partner status, family status, family care status, military or veteran status or any other basis protected by local, state or federal laws.
A notice to Cadence applicants: Our Talent team only directs candidates to apply through our official careers page at https://www.cadence.care/our-team. Cadence will never refer you to external websites, ask for payment or personal information, or conduct interviews via messaging apps. We receive all applications through our website and anyone suggesting otherwise is not with Cadence.