Technical Program Manager, Security & GRC
California, Moniteau County, Missouri, 65018, USA
Listed on 2026-02-01
IT/Tech
Cybersecurity, IT Support
Job type: Full Time
Department: Engineering
Work type: Remote
USD 80000 - 160000 / year
United States
About Deep Scribe
Deep Scribe is building the future of healthcare technology. Our vision goes beyond automating medical notes - we are building AI agents for providers, streamlining diverse clinical workflows such as clinical trial matching, billing, and more. By embedding AI deeply into healthcare operations, we empower clinicians to deliver exceptional care.
We’ve raised over $60 million in total funding from top-tier investors, including Index Ventures and prominent angels such as Alexandr Wang (CEO of Scale AI) and Dylan Field (CEO of Figma). Our solutions are trusted by some of the largest healthcare organizations in the country, including The US Oncology Network (the nation’s largest oncology network) and Ochsner Health (the largest healthcare system on the Gulf Coast).
About the role
We’re seeking a Technical Program Manager, Security & GRC to drive Deep Scribe’s most critical cross‑functional programs at the intersection of security, compliance, and engineering operations.
You will be the primary driver of our security and compliance programs – owning execution, coordination, and technical follow‑through across SOC 2, HIPAA, vendor risk, security reviews, and audit readiness. You will also support engineering effectiveness and operational excellence initiatives, helping improve how engineering teams respond to incidents, ship changes, and operate reliably at scale.
This is a hands‑on TPM role for someone who thrives in ambiguity, enjoys working closely with engineers, and can translate regulatory and operational requirements into clear, executable programs.
What you’ll do
Governance, Risk, and Compliance Programs
Own and drive execution of Deep Scribe’s SOC 2, HIPAA, and other relevant compliance programs, partnering closely with Engineering, Legal, and People Ops.
Coordinate security reviews, risk assessments, and control validation across teams.
Lead the vendor security management program, including intake, reviews, remediation tracking, and ongoing monitoring.
Drive security improvement initiatives based on risk findings, audit outcomes, and incident learnings.
Manage the technical aspects of customer security reviews, including architecture explanations, control narratives, and evidence coordination.
Coordinate responses to RFPs, RFIs, and security questionnaires that require engineering input, ensuring accuracy, consistency, and timeliness.
Engineering Effectiveness & Operational Excellence Programs
Drive incident response and operational excellence initiatives, including retrospectives, follow‑ups, and improvement tracking.
Coordinate deployment processes and launch management, ensuring readiness, communication, and rollback awareness.
Implement and maintain engineering best practices related to operational reliability, security, and change management.
Support cross‑team technical initiatives that require coordination across multiple engineering squads.
Improve engineering documentation and knowledge sharing, particularly for operational and security‑relevant workflows.
Help manage operational alerts and response processes, focusing on clarity, ownership, and continuous improvement.
Other Programs
Support additional cross‑functional technical programs as assigned, particularly where security, risk, or operational rigor are involved.
About you
2+ years of experience as a Technical Program Manager, Security TPM, or similar role working closely with engineering teams
Experience driving security, compliance, or risk‑related programs (e.g., SOC 2, HIPAA, ISO, HITRUST, FedRAMP, or equivalent)
Experience supporting healthcare, PHI, or regulated data environments
Strong ability to coordinate complex, cross‑functional technical work across technical and non‑technical stakeholders
Comfort operating in regulated environments and translating requirements into actionable plans
Excellent written and verbal communication skills, especially in technical and audit‑adjacent contexts
Experience working with Vanta, or other compliance automation platforms.
Nice to have
Familiarity…