Security GRC Manager at Cadence Solutions
Remote, Oregon, USA - Full Time


Start Date: Immediate
Expiry Date: 07 Nov, 25
Salary: 175000.0
Posted On: 08 Aug, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Information Technology/IT

Description

Re‑architecting U.S. healthcare demands speed, precision, and an obsession with details. Cadence is building a remote care delivery system that keeps older people healthy, out of the hospital, and at home. By pairing each patient with a dedicated clinical team that reviews their health every day, versus every few months, we catch issues early and intervene before they escalate. The result: measurably better outcomes for patients and less administrative burden for clinicians.
Today, Cadence supports tens of thousands of active patients nationwide. Our AI‑powered system and scalable clinical model enable proactive, population‑level care. We’re among the fastest‑growing companies in healthtech, and we’re just getting started.
The Cadence Solutions team is seeking a Security GRC Manager who will own and operationalize our compliance program, assess and mature our security controls, and serve as a critical bridge between security and the larger organization. This role dives into technical details and builds pragmatic, defensible, healthcare-ready security practices that balance compliance with business enablement.

WHO WE ARE:

We move fast, raise standards, and own outcomes. We hire drivers, not passengers – people who take initiative, solve problems, and sweat the details because lives depend on it. Momentum matters in healthcare where slow decisions cost lives. At Cadence, we set a high bar and back each other relentlessly to clear it. If you’re ready to do the best work of your career and make a real impact in healthcare, join us.


Responsibilities
  • GRC Strategy & Program Management - Mature the overall GRC strategy. Program manage GRC initiatives to ensure timely and successful completion. Drive alignment of GRC priorities with company-wide business and security goals.
  • Risk Management - Lead our risk management program, conducting risk assessments, vulnerability analysis, and control testing. Identify, assess, and prioritize cybersecurity risks, and track remediation to closure. Build risk reports that communicate both technical and business impact.
  • Third-Party Risk Management (TPRM) - Own and operate the company’s TPRM program: evaluate vendors, review security documentation, and collaborate with requestors and Legal to assess and manage third-party risk. Maintain vendor inventories, perform risk-based reviews, and ensure ongoing monitoring and reassessments are in place.
  • Compliance & Policy - Own day-to-day management of HIPAA and SOC 2 Type II compliance. Develop and maintain security policies, standards, and procedures that meet regulatory, contractual, and business needs. Ensure policies are operationalized across teams and regularly updated to reflect changes in law, contractual obligations, and security posture.
  • Security Control Maturity - Collaborate with Engineering and IT teams to improve technical controls across our environment.
  • Collaboration & Communication - Cultivate strong relationships with risk owners and stakeholders to drive program buy-in and accountability. Partner cross-functionally with Legal, People, IT, Engineering and Product to embed security and compliance into core processes.
  • Sales & Customer Enablement - Lead the response to security questionnaires, RFPs, and vendor risk assessments. Join customer/prospect calls as a security spokesperson and support the creation of trust-building artifacts. Translate technical risk posture into clear messaging for customers and partners.
  • Security Awareness & Culture - Serve as the company’s lead security awareness advocate, driving education and engagement across the organization. Own and deliver security training programs, onboarding security orientations, newsletters, and targeted campaigns. Launch and evolve new security awareness initiatives that promote a strong security-first culture.