Security Manager

The Security Manager will lead, implement, and maintain our security, privacy, and certification programs for Market Prominence. This role will be responsible for designing and operationalizing SOC2 compliant policies, managing our GRC platform, coordinating audits, ensuring readiness for external assessments, and serving as a key resource for client security requests. This Security Manager will work as an individual contributor cross-functionally with Engineering, Security, HR, and Operations teams to ensure our controls are well-designed, consistently implemented, and documented in alignment with regulatory requirements and industry best practices.

This position can be based Hybrid in Tampa, FL or Guilford, CT.

Key Responsibilities:

Certification Program Development

* Lead the company's SOC 2 Type II and HIPAA compliance initiatives from planning through certification.

* Develop, draft, and maintain security, IT, and privacy policies aligned with SOC 2, HIPAA, NIST, and other relevant standards.

* Establish and maintain a security roadmap, including milestones, control gaps, remediation steps, and timelines.

GRC Tool Ownership

* Implement, configure, and administer the company's GRC platform.

* Map controls, evidence sources, workflows, and automated tests within the GRC tool.

* Ensure continuous monitoring and automated evidence collection is accurate and functioning.

* Work with Market Prominence team to correct any findings.

Audit & Certification Management

* Serve as the primary liaison for external auditors, assessors, and compliance partners.

* Prepare audit-ready documentation, evidence, and controls for SOC 2 Type II and HIPAA audits.

* Coordinate and track internal control testing and remediation actions.

* Maintain readiness for annual recertification and surveillance audits.

Policy & Process Implementation

* Train internal teams on new policies, procedures, and compliance requirements.

* Collaborate with Engineering and Dev Ops to implement technical security controls (e.g., logging, access management, encryption, vulnerability management).

* Ensure proper implementation and documentation of administrative, physical, and technical safeguards required for HIPAA.

Client Security Requests

* Manage client and prospect security questionnaires.

* Maintain standardized responses and supporting documentation.

* Participate in security review calls with clients as needed.

Risk Management & Internal Oversight

* Maintain the Market Prominence risk register and ensure timely risk assessments.

* Oversee third-party vendor security evaluations and monitoring.

* Participate in incident response planning, tabletop exercises, and post-incident reviews.

* Monitor and report on compliance KPIs and risk posture to leadership.

Continuous Improvement

* Stay current with regulatory requirements and industry frameworks (e.g., SOC 2, HIPAA).

* Recommend and implement improvements to enhance the company's security and compliance posture.

* Evaluate and introduce new tools, processes, and automation opportunities.

Skill Requirements:

* 3-7+ years of experience in security, compliance, IT risk, or related field.

* Direct experience with SOC 2 Type II and/or HIPAA compliance initiatives.

* Strong familiarity with common GRC tools and compliance automation platforms.

* Experience drafting policies, procedures, and technical security documentation.

* Ability to manage audits, communicate with auditors, and gather required evidence.

* Understanding of security best practices (access control, encryption, logging, vulnerability management, cloud security).

* Excellent organizational, project management, and cross-functional communication skills.

Education/Certification Requirements:

* Bachelor's Degree or relevant certifications

Additional Competency Requirements:

* Experience in a SaaS, cloud-native, or healthcare IT environment.

* Knowledge of AWS, Azure, or other cloud security frameworks.

* Experience with HITRUST, ISO 27001, or NIST frameworks.

* Relevant certifications (e.g., CISSP, CISA, CISM, HCISPP, Security+, CCSFP).

* Successful candidate must be able to successfully complete a background check and drug screening.

At MHK we help health plans and pharmacy benefit managers deliver optimal care management across every member's health journey. We do this through state-of-the-art technology that provides critical insights from member enrollment and maintenance through every stage of care and compliance. We believe that long-term partnerships are built on trust. Our team members are expected to build trusted advisory relationships-with MHK clients and one another-through responsive, transparent communication, while honoring commitments, and tying that trust to outcomes.

Benefits Snapshot:

* Medical, vision, and dental plans for full time employees

* 401(k) offered with a generous match

* Benefits begin on first day of the month following employment

* Exercise/Health Club reimbursement opportunity

* Monthly dependent care reimbursement opportunity

* Short Term and Long-Term…