Security Manager
Hearst Health
•
Tampa, FL
0
0
0
0
Not Applicable
Posted April 17, 2026
Job link
Thinking about this job
Responsibilities
Commitments
Responsibilities
- Certification Program Development
- Lead the company’s SOC 2 Type II and HIPAA compliance initiatives from planning through certification.
- Develop, draft, and maintain security, IT, and privacy policies aligned with SOC 2, HIPAA, NIST, and other relevant standards.
- Establish and maintain a security roadmap, including milestones, control gaps, remediation steps, and timelines.
- GRC Tool Ownership
- Implement, configure, and administer the company’s GRC platform.
- Map controls, evidence sources, workflows, and automated tests within the GRC tool.
- Ensure continuous monitoring and automated evidence collection is accurate and functioning.
- Work with MarketProminence team to correct any findings.
- Audit & Certification Management
- Serve as the primary liaison for external auditors, assessors, and compliance partners.
- Prepare audit-ready documentation, evidence, and controls for SOC 2 Type II and HIPAA audits.
- Coordinate and track internal control testing and remediation actions.
- Maintain readiness for annual recertification and surveillance audits.
- Policy & Process Implementation
- Train internal teams on new policies, procedures, and compliance requirements.
- Collaborate with Engineering and DevOps to implement technical security controls (e.g., logging, access management, encryption, vulnerability management).
- Ensure proper implementation and documentation of administrative, physical, and technical safeguards required for HIPAA.
- Client Security Requests
- Manage client and prospect security questionnaires.
- Maintain standardized responses and supporting documentation.
- Participate in security review calls with clients as needed.
- Risk Management & Internal Oversight
- Maintain the MarketProminence risk register and ensure timely risk assessments.
- Oversee third-party vendor security evaluations and monitoring.
- Participate in incident response planning, tabletop exercises, and post-incident reviews.
- Monitor and report on compliance KPIs and risk posture to leadership.
- Continuous Improvement
- Stay current with regulatory requirements and industry frameworks (e.g., SOC 2, HIPAA).
- Recommend and implement improvements to enhance the company’s security and compliance posture.
- Evaluate and introduce new tools, processes, and automation opportunities.
Commitments
This position can be based Hybrid in Tampa, FL or Guilford, CT.
Successful candidate must be able to successfully complete a background check and drug screening.
We do this through state-of-the-art technology that provides critical insights from member enrollment and maintenance through every stage of care and compliance.
We believe that long-term partnerships are built on trust.
Our team members are expected to build trusted advisory relationships—with MHK clients and one another—through responsive, transparent communication, while honoring commitments, and tying that trust to outcomes.
Benefits begin on first day of the month following employment
Not Met Priorities
What still needs stronger evidence
Requirements
- 3–7+ years of experience in security, compliance, IT risk, or related field.
- Direct experience with SOC 2 Type II and/or HIPAA compliance initiatives.
- Strong familiarity with common GRC tools and compliance automation platforms.
- Experience drafting policies, procedures, and technical security documentation.
- Ability to manage audits, communicate with auditors, and gather required evidence.
- Understanding of security best practices (access control, encryption, logging, vulnerability management, cloud security).
- Excellent organizational, project management, and cross-functional communication skills.
- Experience in a SaaS, cloud-native, or healthcare IT environment.
- Knowledge of AWS, Azure, or other cloud security frameworks.
- Experience with HITRUST, ISO 27001, or NIST frameworks.
- Relevant certifications (e.g., CISSP, CISA, CISM, HCISPP, Security+, CCSFP).
- Successful candidate must be able to successfully complete a background check and drug screening.
- We do this through state-of-the-art technology that provides critical insights from member enrollment and maintenance through every stage of care and compliance.
Education
- (Not required) – Education/Certification Requirements:
- (Not required) – Bachelor’s Degree or relevant certifications
Job Description
The Security Manager will lead, implement, and maintain our security, privacy, and certification programs for MarketProminence. This role will be responsible for designing and operationalizing SOC2 compliant policies, managing our GRC platform, coordinating audits, ensuring readiness for external assessments, and serving as a key resource for client security requests. This Security Manager will work as an individual contributor cross-functionally with Engineering, Security, HR, and Operations teams to ensure our controls are well-designed, consistently implemented, and documented in alignment with regulatory requirements and industry best practices. This position can be based Hybrid in Tampa, FL or Guilford, CT.
Key Responsibilities:
Certification Program Development
Lead the company’s SOC 2 Type II and HIPAA compliance initiatives from planning through certification.
Develop, draft, and maintain security, IT, and privacy policies aligned with SOC 2, HIPAA, NIST, and other relevant standards.
Establish and maintain a security roadmap, including milestones, control gaps, remediation steps, and timelines.
GRC Tool Ownership
Implement, configure, and administer the company’s GRC platform.
Map controls, evidence sources, workflows, and automated tests within the GRC tool.
Ensure continuous monitoring and automated evidence collection is accurate and functioning.
Work with MarketProminence team to correct any findings.
Audit & Certification Management
Serve as the primary liaison for external auditors, assessors, and compliance partners.
Prepare audit-ready documentation, evidence, and controls for SOC 2 Type II and HIPAA audits.
Coordinate and track internal control testing and remediation actions.
Maintain readiness for annual recertification and surveillance audits.
Policy & Process Implementation
Train internal teams on new policies, procedures, and compliance requirements.
Collaborate with Engineering and DevOps to implement technical security controls (e.g., logging, access management, encryption, vulnerability management).
Ensure proper implementation and documentation of administrative, physical, and technical safeguards required for HIPAA.
Client Security Requests
Manage client and prospect security questionnaires.
Maintain standardized responses and supporting documentation.
Participate in security review calls with clients as needed.
Risk Management & Internal Oversight
Maintain the MarketProminence risk register and ensure timely risk assessments.
Oversee third-party vendor security evaluations and monitoring.
Participate in incident response planning, tabletop exercises, and post-incident reviews.
Monitor and report on compliance KPIs and risk posture to leadership.
Continuous Improvement
Stay current with regulatory requirements and industry frameworks (e.g., SOC 2, HIPAA).
Recommend and implement improvements to enhance the company’s security and compliance posture.
Evaluate and introduce new tools, processes, and automation opportunities.
Skill Requirements:
3–7+ years of experience in security, compliance, IT risk, or related field.
Direct experience with SOC 2 Type II and/or HIPAA compliance initiatives.
Strong familiarity with common GRC tools and compliance automation platforms.
Experience drafting policies, procedures, and technical security documentation.
Ability to manage audits, communicate with auditors, and gather required evidence.
Understanding of security best practices (access control, encryption, logging, vulnerability management, cloud security).
Excellent organizational, project management, and cross-functional communication skills.
Education/Certification Requirements:
Bachelor’s Degree or relevant certifications
Additional Competency Requirements:
Experience in a SaaS, cloud-native, or healthcare IT environment.
Knowledge of AWS, Azure, or other cloud security frameworks.
Experience with HITRUST, ISO 27001, or NIST frameworks.
Relevant certifications (e.g., CISSP, CISA, CISM, HCISPP, Security+, CCSFP).
Successful candidate must be able to successfully complete a background check and drug screening.
At MHK we help health plans and pharmacy benefit managers deliver optimal care management across every member’s health journey. We do this through state-of-the-art technology that provides critical insights from member enrollment and maintenance through every stage of care and compliance. We believe that long-term partnerships are built on trust. Our team members are expected to build trusted advisory relationships—with MHK clients and one another—through responsive, transparent communication, while honoring commitments, and tying that trust to outcomes.
Benefits Snapshot:
Medical, vision, and dental plans for full time employees
401(k) offered with a generous match
Benefits begin on first day of the month following employment
Exercise/Health Club reimbursement opportunity
Monthly dependent care reimbursement opportunity
Short Term and Long-Term disability
Basic Term Life and AD&D Insurance
Generous PTO and Company Paid Holidays
EQUAL OPPORTUNITY EMPLOYER - VETERANS/DISABLED. Always be aware of Recruitment Fraud
The Security Manager will lead, implement, and maintain our security, privacy, and certification programs for MarketProminence. This role will be responsible for designing and operationalizing SOC2 compliant policies, managing our GRC platform, coordinating audits, ensuring readiness for external assessments, and serving as a key resource for client security requests. This Security Manager will work as an individual contributor cross-functionally with Engineering, Security, HR, and Operations teams to ensure our controls are well-designed, consistently implemented, and documented in alignment with regulatory requirements and industry best practices. This position can be based Hybrid in Tampa, FL or Guilford, CT.
Key Responsibilities:
Certification Program Development
Lead the company’s SOC 2 Type II and HIPAA compliance initiatives from planning through certification.
Develop, draft, and maintain security, IT, and privacy policies aligned with SOC 2, HIPAA, NIST, and other relevant standards.
Establish and maintain a security roadmap, including milestones, control gaps, remediation steps, and timelines.
GRC Tool Ownership
Implement, configure, and administer the company’s GRC platform.
Map controls, evidence sources, workflows, and automated tests within the GRC tool.
Ensure continuous monitoring and automated evidence collection is accurate and functioning.
Work with MarketProminence team to correct any findings.
Audit & Certification Management
Serve as the primary liaison for external auditors, assessors, and compliance partners.
Prepare audit-ready documentation, evidence, and controls for SOC 2 Type II and HIPAA audits.
Coordinate and track internal control testing and remediation actions.
Maintain readiness for annual recertification and surveillance audits.
Policy & Process Implementation
Train internal teams on new policies, procedures, and compliance requirements.
Collaborate with Engineering and DevOps to implement technical security controls (e.g., logging, access management, encryption, vulnerability management).
Ensure proper implementation and documentation of administrative, physical, and technical safeguards required for HIPAA.
Client Security Requests
Manage client and prospect security questionnaires.
Maintain standardized responses and supporting documentation.
Participate in security review calls with clients as needed.
Risk Management & Internal Oversight
Maintain the MarketProminence risk register and ensure timely risk assessments.
Oversee third-party vendor security evaluations and monitoring.
Participate in incident response planning, tabletop exercises, and post-incident reviews.
Monitor and report on compliance KPIs and risk posture to leadership.
Continuous Improvement
Stay current with regulatory requirements and industry frameworks (e.g., SOC 2, HIPAA).
Recommend and implement improvements to enhance the company’s security and compliance posture.
Evaluate and introduce new tools, processes, and automation opportunities.
Skill Requirements:
3–7+ years of experience in security, compliance, IT risk, or related field.
Direct experience with SOC 2 Type II and/or HIPAA compliance initiatives.
Strong familiarity with common GRC tools and compliance automation platforms.
Experience drafting policies, procedures, and technical security documentation.
Ability to manage audits, communicate with auditors, and gather required evidence.
Understanding of security best practices (access control, encryption, logging, vulnerability management, cloud security).
Excellent organizational, project management, and cross-functional communication skills.
Education/Certification Requirements:
Bachelor’s Degree or relevant certifications
Additional Competency Requirements:
Experience in a SaaS, cloud-native, or healthcare IT environment.
Knowledge of AWS, Azure, or other cloud security frameworks.
Experience with HITRUST, ISO 27001, or NIST frameworks.
Relevant certifications (e.g., CISSP, CISA, CISM, HCISPP, Security+, CCSFP).
Successful candidate must be able to successfully complete a background check and drug screening.
At MHK we help health plans and pharmacy benefit managers deliver optimal care management across every member’s health journey. We do this through state-of-the-art technology that provides critical insights from member enrollment and maintenance through every stage of care and compliance. We believe that long-term partnerships are built on trust. Our team members are expected to build trusted advisory relationships—with MHK clients and one another—through responsive, transparent communication, while honoring commitments, and tying that trust to outcomes.
Benefits Snapshot:
Medical, vision, and dental plans for full time employees
401(k) offered with a generous match
Benefits begin on first day of the month following employment
Exercise/Health Club reimbursement opportunity
Monthly dependent care reimbursement opportunity
Short Term and Long-Term disability
Basic Term Life and AD&D Insurance
Generous PTO and Company Paid Holidays
EQUAL OPPORTUNITY EMPLOYER - VETERANS/DISABLED. Always be aware of Recruitment Fraud