Security Program Manager

Forus Inc

$120K — $150K *
Healthcare
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4-7 years of experience in GRC, security compliance, or security program management.
  • Hands-on experience with SOC 2 and HIPAA; HITRUST experience is a plus.
  • Experience in a regulated, high-growth environment, ideally healthcare.
  • Fluency with compliance automation tools and technical literacy to collaborate with engineers on controls.
  • Experience managing customer-facing security processes such as security questionnaires and due diligence.
  • Strong written and verbal communication skills for effective internal and external collaboration.
  • Demonstrated track record of delivering goals swiftly and effectively.

Responsibilities

  • Own compliance programs end to end for SOC 2, HIPAA, and HITRUST.
  • Build and manage the customer trust function to facilitate security in deals.
  • Implement and maintain compliance automation for ongoing evidence collection.
  • Draft security policies and lead security-awareness training company-wide.
  • Collaborate with engineering and legal teams to enforce framework requirements.
  • Manage the risk register and provide leadership with security posture updates.

Benefits

  • Fully covered medical, vision, and dental insurance.
  • Memberships for One Medical, Talkspace, Teladoc, and Kindbody.
  • Unlimited paid time off (PTO) and 16 weeks of parental leave.
  • 401K plan setup, FSA option, commuter benefits, and DashPass.
  • Daily office lunches and dinner after 7 pm.
Full Job Description


All full-time roles are in person in New York.

About the role

As a Security Program Manager at Forus, you will own the programs that let customers trust us with their most sensitive data. We operate on protected health information to automate healthcare, and our providers, payers, and life sciences partners hold us to a high bar.

You will own our compliance programs end to end - SOC 2, HIPAA, and HITRUST - and build the customer trust function that ensures security remains a core competency at Forus. You will run vendor and third-party risk assessments, stand up compliance automation, and partner closely with our engineering team to implement the technical controls you map to each framework.

This is a demanding role, with a high level of autonomy and responsibility. You will be expected to "act like an owner" and commit yourself to Forus' success. If you are low-ego, hungry to learn, and excited about intense, impactful work that drives both company growth and accelerated career progression, we want to hear from you.

If you join, you will:
  • Own our compliance programs end to end (SOC 2 Type II, HIPAA, and HITRUST) from readiness through audit and continuous monitoring.
  • Build and run the customer trust function (security questionnaires, RFPs, due diligence, and our trust center) so security accelerates deals rather than blocking them.
  • Stand up and administer compliance automation, turning evidence collection and control monitoring into a continuous, low-toil system.
  • Author security policies, run security-awareness training, and drive access reviews and audit readiness across the company.
  • Partner with engineering and legal to translate framework and customer requirements into concrete controls, and coordinate external auditors and penetration-testing firms.
  • Own the risk register and give leadership clear, honest visibility into our security and compliance posture.


We'll be most excited if you have:
  • Typically 4-7 years in GRC, security compliance, or security program management, with a track record of running audits end to end.
  • Hands-on experience with SOC 2 and HIPAA; HITRUST experience is a strong plus, as is a track record of standing up a new framework from scratch.
  • Experience in a regulated, high-growth environment - ideally healthcare or another domain with serious data-handling obligations.
  • Fluency with compliance automation tooling and enough technical literacy to work credibly with engineers on cloud, identity, and logging controls.
  • Experience owning customer-facing security with enterprise buyers: questionnaires, trust centers, and due diligence.
  • Strong written and verbal communication that allows you to be an effective participant in both internal debates and external relationships.
  • A track record of moving quickly, finding shortcuts, and going to unreasonable lengths to deliver on goals.
  • High NPS with your former teammates.


This is a list of ideal qualifications for this position. If you don't meet every single one of them, you should still consider applying! We're excited to work with people from underrepresented backgrounds, and we encourage people from all backgrounds to apply.

Working with us

Forus is based in New York, with our full team working out of a beautiful and spacious office in SoHo.

We run as a high-trust environment with high autonomy, which requires that everyone is fully competent and operates in line with our principles:
  • Do the math. Be rigorous, assume nothing. Break problems down and reason from the ground up.
  • Expand the solution space. Be resourceful and audacious. Resist false constraints and push beyond the obvious before committing.
  • Spit it out. Speak directly, invite critique, avoid equivocation. We want right answers, not comfortable ones.
  • Raise the bar together. Hold a high standard for execution, push each other directly, and win as a team.

We provide competitive compensation with meaningful equity (for full-time employees). Everyone who joins will be a major contributor to our success, and we reflect this through ownership and pay.

We also provide rich benefits to ensure you can focus on creating impact (for full-time employees):
  • Fully covered medical, vision, and dental insurance.
  • Memberships for One Medical, Talkspace, Teladoc, and Kindbody.
  • Unlimited paid time off (PTO) and 16 weeks of parental leave.
  • 401K plan setup, FSA option, commuter benefits, and DashPass.
  • Lunch at the office every day and Dinner at the office after 7 pm.


Our salary ranges are based on paying competitively for our company's size and industry, and are one part of the total compensation package that also includes equity, benefits, and other opportunities at Forus (for full-time employees). Individual pay decisions are ultimately based on a number of factors, including qualifications for the role, experience level, skillset, geography, and balancing internal equity.

Similar Jobs

More Jobs at Forus Inc

More Healthcare Jobs

Find similar Security Program Manager jobs: