Staff TPM, Security Risk

About Us:

Grow Therapy is on a mission to serve as the trusted partner for therapists growing their practice and patients accessing high-quality care. Powered by technology we are a three-sided marketplace that empowers providers augments insurance payors and serves patients. Following the mass increase in depression and anxiety the need for accessibility is more important than ever. To make our vision for mental healthcare a reality were building a team of entrepreneurs and mission-driven go-getters. Since launching in February 2021 weve empowered more than ten thousand therapists and hundreds of thousands of clients across the country and insurance landscape. Weve raised more than $178mm of funding from Sequoia Capital Transformation Capital TCV SignalFire and others.

The Opportunity

We are looking for a Security Risk Program Manager to take Grow Therapys security risk program to the next level of maturity. Reporting directly to the Head of Security youll be part of a team focused on protecting Grows patients providers employees and business by embedding risk awareness into everyday decision-making. Your work will directly support Grows mission to expand access to high-quality mental healthcaresafely responsibly and at scale. Your responsibilities will include building and maturing our enterprise risk management framework driving audit readiness shaping executive risk reporting and partnering closely with teams across Legal Compliance Engineering and Product.

What Youll Be Doing

• Build and mature Grows enterprise security risk management program including risk identification assessment prioritization remediation tracking and maintaining a comprehensive risk register that informs business decisions.
• Lead the charge on AI risk management: Security sits within Grows Internal Foundations pillar which is building company-wide infrastructure to support AI adoption. Youll be in an incredible position to influence safe and thoughtful adoption of AI tooling at the enterprise level.
• Own the third-party/vendor security risk management program streamlining review workflows to support business velocity while ensuring robust security oversight of partners and vendors.
• Drive audit readiness and external certifications (SOC 2 HIPAA-aligned assessments HITRUST readiness) in close partnership with Legal and Compliance reducing repeat findings and improving remediation timelines.
• Develop and deliver executive-level risk reporting and readouts that translate technical and security risks into clear business impact enabling leadership to make informed risk-aware tradeoffs as the company scales.
• Partner proactively across Security Engineering Product Engineering and Operations to embed security and risk awareness into planning and decision-making cyclespositioning security as a strategic enabler rather than a gatekeeper.

Youll Be a Good Fit If

• You have deep experience building and operating security or enterprise risk management programs (not just managing projects) and a strong bias toward execution in fast-paced environments.
• You bring strong knowledge of healthcare security privacy and compliance frameworks (HIPAA SOC 2 HITRUST) and can navigate regulatory obligations without sacrificing speed or innovation.
• You have exceptional stakeholder management and communication skills including a track record of influencing senior leaders and translating complex risk concepts into actionable business guidance.
• You are a strong program manager with a structured approach to prioritization documentation and cross-functional alignment.
• Bonus: Experience scaling risk programs at high-growth or pre-IPO tech companies prior ownership of vendor risk programs or familiarity with GRC tooling and automation.

Employment Type: Full Time Exempt

Base Compensation: The base compensation range for this position is $152000$189750 USD Annually.
The base compensation for this role will vary depending on several factors including relevant experience qualifications and the candidates working location.

Location: This is a hybrid role with the expectation to work onsite from our NYC or San Francisco hub locations three days per week (Tuesday Wednesday and Thursday) and travel 23 times per year (e.g. company and department offsites).

Full Time Employee Benefits:

• Comprehensive Health Coverage: Medical dental and vision insurance plus life and disability coverage.
• Parental Leave & Family Support: Up to 18 weeks paid leave and a new child stipend.
• Financial Wellness: 401(k) program and equity opportunities.
• Meals & Home Office Support: Stipends for home office setup and ongoing funds for meals with tailored perks for both remote and in-office employees.
• Time Off to Recharge: Flexible PTO 12 paid holidays and a full winter break week.
• Wellness & Development: Annual stipends to put towards personal & professional growth.
• Mental & Physical Health Support: No-costaccess to therapy through the Grow platform weekly flexible hours for self-care (Mental Health Mornings/Afternoons) and memberships to leading wellness apps (such as One Medical Headspace and Talkspace).
• Extra Perks: Pet insurance discounts commuter benefits and global travel assistance.

Research shows that some groups hesitate to apply unless they meet every qualification. If youre excited about this role but dont check every box we encourage you to apply. At Grow we value diverse experiences transferable skills and the unique strengths each person brings.

Grow Therapy is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race color ancestry religion sex national origin sexual orientation age citizenship marital status disability gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories consistent with legal requirements.

Use of AI Tools: By submitting your application you acknowledge and consent to the use of automated tools as part of our recruitment process. Specifically we use a third-party AI toolGem to assist in theinitial screening of resumes. This tool analyzes resumes based on role-specific criteria provided by our recruiters to identify potentially strong matches for the role. Importantly no hiring decisions are made by the AI tool.All decisions about which candidates move forward are made by our human recruiting team after independent review.More information about Gems approach to compliance withCalifornia FEHA regulations on automated decision systemsandNew York Local Law 144can be found on the Gem compliance website.We are committed to transparency and fairness in our hiring practices. If you have questions about how our AI tools work or would like more information about how your application will be processed please contact us at . If you require an accommodation due to a disability or have concerns about the use of AI in the hiring process please also contact us. We are happy to provide assistance or offer an alternative method of participating in the recruitment process.