About the Role
The Technology Risk Manager is a senior individual contributor responsible for driving Hinge Health's technology risk posture across security, infrastructure, and IT. You'll act as the primary owner for technology risk across multiple teams rather than as a pure advisor. The role has broad exposure to Security, IT, and Engineering leadership, and you're expected to confidently surface risks, drive clear risk evaluations, and collaborate with partners to land practical remediation decisions.
You'll work closely with Application Security, Engineering, Security, and IT to translate technical vulnerabilities into business risk, maintain the Technology Risk Register, and ensure high-quality, timely remediation in a PHI-handling and heavily regulated environment.
What You'll Do
Maintain and continuously refine the Technology Risk Register, documenting cyber, operational, and regulatory risks with clear ratings, owners, and mitigation plans.
Track and drive remediation progress across engineering and IT teams, escalating and unblocking as needed to ensure risk treatment plans meet agreed SLAs.
Regulatory Compliance & Governance (SOX & HIPAA).
Serve as a primary interface for internal and external auditors on SOX IT General Controls (ITGC) and related technology control testing, documentation, and evidence collection.
Coordinate and track remediation of SOX ITGC findings, ensuring clear ownership, high-quality corrective actions, and timely closure to prevent control deficiencies and material weaknesses.
Partner with Security, Accounting, Legal/Compliance, and IT to ensure risk and control practices support HIPAA and other healthcare regulatory requirements.
Partner with Application Security, SRE, and Infrastructure teams to aggregate, prioritize, and track code vulnerabilities, penetration-testing findings, and infrastructure risks across the SDLC.
Analyze vulnerability trends (by system, control, and data sensitivity) to help teams focus on the highest-impact remediation work.
Drive consistent, high-quality documentation of risk decisions, mitigations, and compensating controls.
Design and maintain risk and control dashboards that provide senior leadership with clear insight into security posture, compliance status, and remediation velocity.
Produce recurring executive-ready reports and narratives that translate complex technical risk into clear, non-technical language for decision-makers and risk committees.
Recommend and refine KPIs/KRIs that measure technology risk, SOX ITGC health, and vulnerability reduction over time.
What You Bring
8 years of experience in technology risk, IT audit, cybersecurity, or information security, with recent hands-on experience in SOX-driven or heavily regulated environments (e.g., public/pre-IPO company, Big 4 IT audit/risk advisory, financial services, or healthcare).
Proven track record as a senior IC leading complex, cross-functional risk or compliance programs with high visibility to engineering and IT leadership.
Deep experience with SOX IT General Controls (design, testing, and remediation) in cloud-first environments.
Strong understanding of access management, change management, computer operations, and related control frameworks.
Comfort working in PHI-handling or similarly sensitive data environments.
Demonstrated ability to influence senior engineering and IT stakeholders: you can surface uncomfortable risks, keep discussions anchored in facts and impact, and help teams arrive at well-documented decisions.
Excellent relationship-builder who balances assertiveness with partnership, able to challenge, negotiate trade-offs, and still maintain trust.
Exceptional written and verbal communication skills; you distill complex technical risk into concise, executive-ready narratives and clear action plans.
Preferred Qualifications
Certifications such as CISA, CISSP, or equivalent.
Prior Big 4 (or similar) experience in IT audit, SOX, or technology risk.
Experience with SOX IT General Controls and broader security frameworks.
Hinge Health Hybrid Model
This is a hybrid role based in the San Francisco office, requiring in-person attendance three days per week for a full 8-hour business day. On remote days, employees are expected to work during core business hours with flexibility. The office is part of a dog-friendly workplace program, and while travel is not regularly required, occasional off-site/on-site events may occur. Physical demands are minimal and primarily involve standard office activities such as sitting, typing, and video conferencing.
About Hinge Health
At Hinge Health, we're using technology to scale and automate the delivery of healthcare, starting with musculoskeletal (MSK) conditions, which affect over 1.7 billion people worldwide. With an AI-powered, human-centered care model, Hinge Health leverages cutting-edge technology to improve outcomes, experiences, and costs to help people move beyond their pain. The platform addresses a broad spectrum of MSK care, from acute injury to chronic pain to post-surgical rehabilitation, through personalized, evidence-based care.
As the preferred partner to 50 health plans, PBMs, and other ecosystem partners, Hinge Health is available to over 20 million people across more than 2550 employers. The company is headquartered in San Francisco, with additional offices in Montreal and Bangalore. Learn more at
What You'll Love About Us
Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn't available where you live.
Planning for the future: Start saving for the future with our traditional or Roth 401k retirement plan options, which include a 2% company match.
Modern life stipends: Manage your own learning and development
Grow with us through discounted company stock through our ESPP with easy payroll deductions.
Culture & Engagement
Hinge Health is an equal opportunity employer and prohibits discrimination and harassment of any kind. We make employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state, or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. We provide reasonable accommodations for candidates with disabilities. If you feel you need assistance or an accommodation due to a disability, let us know by reaching out to your recruiter.
By submitting your application, you are acknowledging we are using your personal data as outlined in the personnel and candidate privacy policy.