
Job Overview
Location
2 Locations
Job Type
Full-time
Category
Cybersecurity
Date Posted
April 10, 2026
Full Job Description
📋 Description
- Lead and manage enterprise-wide security compliance, IT audit, and third-party risk management initiatives to ensure alignment with industry standards and regulatory requirements.
- Oversee certification efforts including ISO 27001, HITRUST, and SOC 1/SOC 2, serving as the primary point of contact for external auditors and certification bodies.
- Drive internal and external IT audit engagements, establish audit documentation standards, and assess control effectiveness against frameworks such as NIST, ISO, and SOC.
- Define and lead the enterprise third-party risk management program, leveraging GRC tools to assess inherent and residual risk, evaluate vendor controls, and embed security requirements into contracts.
- Manage internal corrective action processes, track remediation of findings from audits, penetration tests, and risk assessments, and ensure timely closure of gaps.
- Develop and monitor KPIs for compliance, audit, and third-party risk processes, creating dashboards for executive reporting on audit readiness and control effectiveness.
- Partner with sales, legal, procurement, and operational teams to support business growth through clear, client-facing responses to security questionnaires and RFPs.
- Execute quarterly user access reviews, enforce least privilege and segregation of duties, and ensure compliance with ITGC access control requirements.
- Foster continuous improvement of compliance, audit, and third-party risk processes by enhancing control frameworks, documentation quality, and adapting to evolving regulatory requirements.
🎯 Requirements
- Bachelor’s degree in Information Security, Information Technology, Accounting, or related field (or equivalent experience).
- 10+ years of experience in IT security, compliance, IT audit, and/or third-party risk management.
- Strong hands-on experience with SOC 1/SOC 2, ISO 27001, HITRUST, IT General Controls (ITGCs), and third-party/vendor risk management frameworks.
- Proven experience managing IT audits, vendor risk assessments, and security compliance teams.
- Experience with GRC platforms and risk scoring methodologies, including inherent vs. residual risk.
- Excellent communication and stakeholder management abilities, with detail-oriented documentation and evidence management discipline.
🏖️ Benefits
- Opportunity to lead enterprise-wide security and compliance initiatives at a growing digital healthcare company.
- Cross-functional collaboration with sales, legal, procurement, and operational teams to support business objectives.
- Exposure to industry-leading frameworks including ISO 27001, HITRUST, SOC, and NIST.
- Use of GRC tools to manage and track vendor risk posture and remediation efforts.
- Role based in a remote work environment with flexibility to work from multiple locations.
- Contribution to improving healthcare outcomes through strong security, audit, and compliance posture.
About Sharecare, Inc.
Sharecare, Inc. is a digital health company that provides a platform connecting consumers, patients, and healthcare providers. It offers tools for health assessments, condition management, care coordination, and wellness programs. The company integrates data from electronic health records, wearable devices, and user inputs to deliver personalized health insights and recommendations. Sharecare serves individuals, employers, health plans, and health systems through mobile and web applications. Founded in 2010, it is headquartered in Atlanta, Georgia.
