Security Risk Program Lead

About Us:

Grow Therapy is on a mission to serve as the trusted partner for therapists growing their practice, and patients accessing high-quality care. Powered by technology, we are a three-sided marketplace that empowers providers, augments insurance payors, and serves patients. Following the mass increase in depression and anxiety, the need for accessibility is more important than ever. To make our vision for mental healthcare a reality, we’re building a team of entrepreneurs and mission-driven go-getters. Since launching in February 2021, we’ve empowered more than ten thousand therapists and hundreds of thousands of clients across the country and insurance landscape. We’ve raised more than $178mm of funding from Sequoia Capital, Transformation Capital, TCV, SignalFire, and others.

The Opportunity

We are looking for a Security Risk Program Manager to take Grow Therapy's security risk program to the next level of maturity. Reporting directly to the Head of Security, you'll be part of a team focused on protecting Grow's patients, providers, employees, and business by embedding risk awareness into everyday decision-making. Your work will directly support Grow's mission to expand access to high-quality mental healthcare—safely, responsibly, and at scale. Your responsibilities will include building and maturing our enterprise risk management framework, driving audit readiness, shaping executive risk reporting, and partnering closely with teams across Legal, Compliance, Engineering, and Product.

What You'll Be Doing

• Build and mature Grow's enterprise security risk management program, including risk identification, assessment, prioritization, remediation tracking, and maintaining a comprehensive risk register that informs business decisions.
• Lead the charge on AI risk management: Security sits within Grow’s Internal Foundations pillar, which is building company-wide infrastructure to support AI adoption. You’ll be in an incredible position to influence safe and thoughtful adoption of AI tooling at the enterprise level.
• Own the third-party/vendor security risk management program, streamlining review workflows to support business velocity while ensuring robust security oversight of partners and vendors.
• Drive audit readiness and external certifications (SOC 2, HIPAA-aligned assessments, HITRUST readiness) in close partnership with Legal and Compliance, reducing repeat findings and improving remediation timelines.
• Develop and deliver executive-level risk reporting and readouts that translate technical and security risks into clear business impact, enabling leadership to make informed, risk-aware tradeoffs as the company scales.
• Partner proactively across Security Engineering, Product, Engineering, and Operations to embed security and risk awareness into planning and decision-making cycles—positioning security as a strategic enabler rather than a gatekeeper.

You'll Be a Good Fit If

• You have deep experience building and operating security or enterprise risk management programs (not just managing projects) and a strong bias toward execution in fast-paced environments.
• You bring strong knowledge of healthcare security, privacy, and compliance frameworks (HIPAA, SOC 2, HITRUST) and can navigate regulatory obligations without sacrificing speed or innovation.
• You have exceptional stakeholder management and communication skills, including a track record of influencing senior leaders and translating complex risk concepts into actionable business guidance.
• You are a strong program manager with a structured approach to prioritization, documentation, and cross-functional alignment.
• Bonus: Experience scaling risk programs at high-growth or pre-IPO tech companies, prior ownership of vendor risk programs, or familiarity with GRC tooling and automation.

Key skills/competency

• Security Risk Management
• Enterprise Risk Management
• AI Risk Management
• Third-Party Risk Management
• Audit Readiness
• SOC 2
• HIPAA
• HITRUST
• Risk Reporting
• Program Management