Hinge Health

Manager, Technology Risk

Hinge Health$120K — $150K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 2+ years in technology risk, IT audit, cybersecurity, or information security, particularly in regulated environments
  • Experience leading complex, cross-functional risk or compliance programs
  • Deep knowledge of SOX IT General Controls in cloud-first setups
  • Proficiency in access management, change management, and related control frameworks
  • Comfortable in environments handling PHI or sensitive data
  • Strong ability to influence senior stakeholders with data-driven discussions
  • Exceptional communication skills for concise and clear reporting

Responsibilities

  • Maintain and refine the Technology Risk Register with clear documentation of risks and mitigation plans
  • Track remediation progress across teams, ensuring compliance with SLAs
  • Serve as the primary interface for auditors concerning SOX IT General Controls
  • Coordinate remediation of SOX ITGC findings to prevent control deficiencies
  • Collaborate with various departments to align risk practices with regulatory requirements
  • Aggregate and manage code vulnerabilities and penetration-testing findings
  • Analyze trends in vulnerabilities to target high-impact remediation efforts
  • Create dashboards that present risk and compliance insights to senior leadership
  • Develop executive-ready reports translating technical risks into understandable terms

Benefits

  • Hybrid working model based in San Francisco, requiring in-office attendance three days a week
  • Dog-friendly workplace environment
  • Flexible remote work hours during core business days
  • Minimal physical demands related to standard office activities
  • Potential for occasional off-site or on-site events
Full Job Description
About the Role

The Technology Risk Manager is a senior individual contributor responsible for driving Hinge Health's technology risk posture across security, infrastructure, and IT. You'll act as the primary owner for technology risk across multiple teams rather than as a pure advisor. The role has broad exposure to Security , IT, Engineering leadership, and you're expected to confidently surface risks, drive clear risk evaluations, and collaborate with partners to land practical remediation decisions.

You'll work closely with Application Security, Engineering , Security, and IT to translate technical vulnerabilities into business risk, maintain the Technology Risk Register, and ensure high-quality, timely remediation in a PHI-handling and heavily regulated environment.

What You'll Do
  • Maintain and continuously refine the Technology Risk Register, documenting cyber, operational, and regulatory risks with clear ratings, owners, and mitigation plans.
  • Track and drive remediation progress across engineering and IT teams, escalating and unblocking as needed to ensure risk treatment plans meet agreed SLAs.
  • Regulatory Compliance & Governance (SOX & HIPAA).
  • Serve as a primary interface for internal and external auditors on SOX IT General Controls (ITGC) and related technology control testing, documentation, and evidence collection.
  • Coordinate and track remediation of SOX ITGC findings, ensuring clear ownership, high-quality corrective actions, and timely closure to prevent control deficiencies and material weaknesses.
  • Partner with Security, Accounting, Legal/Compliance, and IT to ensure risk and control practices support HIPAA and other healthcare regulatory requirements.
  • Partner with Application Security, SRE, and Infrastructure teams to aggregate, prioritize, and track code vulnerabilities, penetration-testing findings, and infrastructure risks across the SDLC.
  • Analyze vulnerability trends (by system, control, and data sensitivity) to help teams focus on the highest-impact remediation work.
  • Drive consistent, high-quality documentation of risk decisions, mitigations, and compensating controls.
  • Design and maintain risk and control dashboards that provide senior leadership with clear insight into security posture, compliance status, and remediation velocity.
  • Produce recurring executive-ready reports and narratives that translate complex technical risk into clear, non-technical language for decision-makers and risk committees.
  • Recommend and refine KPIs/KRIs that measure technology risk, SOX ITGC health, and vulnerability reduction over time.


What You Bring
  • 2+ years of experience in technology risk, IT audit, cybersecurity, or information security, with recent, hands-on in SOX-driven or heavily regulated environments (e.g. public/pre-IPO, company, Big 4 IT audit/risk advisory, financial services or healthcare).
  • Proven track record as a senior IC leading complex, cross-functional risk or compliance programs with high visibility to engineering and IT leadership.
  • Deep experience with SOX IT General Controls (design, testing, and remediation) in cloud-first environments.
  • Strong understanding of access management, change management, computer operations, and related control frameworks.
  • Comfort working in PHI-handling or similarly sensitive data environments.
  • Demonstrated ability to influence senior engineering and IT stakeholders: you can surface uncomfortable risks, keep discussions anchored in facts and impact, and help teams arrive at well-documented decisions.
  • Excellent relationship-builder who balances assertiveness with partnership-able to challenge, negotiate trade-offs, and still maintain trust.
  • Exceptional written and verbal communication skills; you distill complex technical risk into concise, executive-ready narratives and clear action plans.
Preferred Qualifications
  • Certifications such as CISA, CISSP, or equivalent.
  • Prior Big 4 (or similar) experience in IT audit, SOX, or technology risk.
  • Experience with SOX IT General Controls and broader security frameworks.


Hinge Health Hybrid Model This is a hybrid role based in the San Francisco office, requiring in-person attendance three days per week for a full 8-hour business day. On remote days, employees are expected to work during core business hours with flexibility. The office is part of a dog-friendly workplace program, and while travel is not regularly required, occasional off-site/on-site events may occur. Physical demands are minimal and primarily involve standard office activities such as sitting, typing, and video conferencing.

About Hinge Health

Industry
Founded
2015

Similar Jobs

More Jobs at Hinge Health

More Information Technology Jobs

Find similar Manager, Technology Risk jobs: