Make a game-changing next move.

Learn more about the opportunities in Coatue's portfolio.

Security Risk Specialist (Remote)

Hinge Health

Hinge Health

United States
Posted on Saturday, April 8, 2023
One in two people experience debilitating back, neck, shoulder, or joint pain — but traditional treatments have failed to meet their needs. Physical therapy can be expensive and hard to access; appointments often involve long commutes and missed work. Making matters worse, unresolved pain can trigger the overuse of opioids and surgeries.
Join us in reimagining healthcare from the ground up. We’re making high-quality care accessible by pairing wearable sensors and computer vision with a world-class clinical team. Hinge Health puts a digital clinic in every member's pocket. Now millions of people can access personalized digital care from a physical therapist, guidance on behavior change from a health coach, and expert consultations with an orthopedic surgeon. With a single app and wearable technology like our Enso device, we’re helping to reduce pain, surgeries, and opioid use.
Here at Hinge Health, we welcome all applicants and know a diverse team makes us better and stronger. We look for individuals who embody our leadership principles and we value varied experiences and skill sets. Beyond specific work experience, we also look for unique capabilities and skill sets that are key indicators an applicant will thrive in our fast-paced, frequently evolving environment. If this sounds like the kind of place you’d like to be part of, please apply - we would love to hear from you!
Work From Anywhere
Hinge Health employees have the flexibility to work remotely in hubs across the United States.
About the Role
The Security Risk Analyst position will be responsible for performing internal and external security risk assessments. This role will help maintain a comprehensive risk management program to identify, evaluate and monitor various information and third party security risks. This position will work closely with cross functional teams to ensure that information security risks associated with critical Hinge Health assets, data, operations, and third-party relationships are properly identified and effectively managed.


  • Contribute to building and maturing Hinge Health’s security policy and control framework supporting various standards (e.g., NIST Cybersecurity Framework, ISO 27001, HITRUST) and regulatory/compliance requirements (e.g., HIPAA, Sarbanes Oxley, GDPR).
  • Execute IT audits, as well as, performing controls assessments for industry accepted frameworks such as SOX, NIST, HITRUST
  • Conduct assessments for IT general and application controls in the areas of system development, Identity and Access Management (IAM), logging and monitoring, vulnerability management, change management, logical access, data networks and computer operations.
  • Deliver guidance related to enhancing the security posture of information systems solutions.
  • Work closely with IT, Information Security, and Engineering teams to develop a strategy and program to effectively manage information security risk and further improve security posture and maturity.
  • Participate in automating common repetitive audit tasks to reduce time and effort spent in preparing for internal and external audits.
  • Assist in building continuous security management, monitoring and testing capabilities within a cloud native environment.
  • Evaluate the design and effectiveness of controls, as well as, track, monitor and assist process owners with remediation plans.
  • Remain up-to-date on legal and regulatory changes, emerging threats and evolving technologies and implement appropriate control mechanisms based on risks within Hinge Health’s environment.
  • Collect and maintain a library of objective evidence to show ongoing compliance with the documented controls.
  • Ability to put into practice security & privacy frameworks & standards such as ISO 27001, SOC2, HITRUST and HIPAA.
  • Provide information to external business partners and customers on Hinge Health’s internal security capabilities and practices in support of business objectives.


  • Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent work experience.
  • Experience in public accounting and/or internal audit functions involving public companies with exposure to advanced information system audit techniques, including but not limited to SOX 404, NIST SP 800-53, NIST CSF, HITRUST, SOC 1, SOC 2, ISO 27001, etc.
  • 2+ years of experience in Information Security and experience driving security risk management activities
  • At least three (2) years of experience performing IT General Controls (ITGCs) and/or IT Application Controls assessments; evaluating risks-based principles and executing audit programs.
  • Capability to assess maturity of controls by conducting control design and operating effectiveness reviews.
  • Experience conducting third-party security risk assessments while collaborating with cross functional teams to effectively manage risk.
  • Working knowledge of relevant compliance, privacy, regulatory frameworks (e.g., HIPAA, HITRUST SOX, GDPR)
  • Experience with common information security management frameworks (e.g., HITRUST, NIST) and healthcare regulations.
  • Familiarity with cloud environments and cloud computing service deployment architecture (IaaS, PaaS, SaaS)
  • Excellent written, verbal and nonverbal communication skills, including the ability to communicate security and risk-related concepts to nontechnical audiences within the organization.
  • Motivate, inspire, and create a positive work/team culture: You successfully maintain a high level of motivation, positive can-do attitude, and inclusive culture in your teams.
  • CISSP, CCSP, CEH, CISA CRISA or similar, related certification


  • Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn’t available where you live.
  • Planning for the future: Start saving for the future with our traditional or roth 401k retirement plan options which include a 2% company match.
  • Modern life stipends: Manage your own learning and development budget, use the mental health to support therapy costs, and lifestyle stipends to cover your favorite wellness services, and work-from-home equipment.
  • Flexible vacation and paid time off: Employees have flexibility to choose when, how, and why they take time off to rest and recharge. Exempt employees can take advantage of our flexible pto program. Nonexempt employees can utilize up to two weeks of sick time and up to 17 days of vacation per year, including mental health days.
  • Other compensation: At Hinge Health, we want every employee to be invested and rewarded in the future success of the company. All full-time positions are eligible for equity.
About Hinge Health:
LinkedIn recently named Hinge Health one of the Top 50 Startups. Forbes, Fast Company, and Inc. have also recognized our technology, innovation, and culture.
Since our founding in 2014, we've raised more than $800 million from leading investors, including Coatue and Tiger Global. We work with 1000 customers across every industry and the public sector — including Salesforce, Verizon, and the State of New Jersey — to give more than 23 million people access to the care they need. We’re positioned to continue leading the market with unmatched investments in clinical research, care innovation, machine learning, AI, and computer vision.
Diversity and inclusion:
We’re committed to building diverse teams that reflect the communities we serve. Visit to learn more about what moves us.
Hinge Health is an equal opportunity employer and prohibits discrimination and harassment of any kind. We make employment decisions without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.
We provide reasonable accommodations for candidates with disabilities. If you feel you need assistance or an accommodation due to a disability, let us know by reaching out to your recruiter.
There continues to be a significant increase in phishing attempts across all industries where fraudsters are impersonating real employees and sending fictitious job offers to applicants in a scheme to obtain sensitive information. Please note that we will never ask for your financial information at any part of the interview process including the post-offer stage, and will only correspond through domain email addresses.
If you encounter any suspicious activity, we recommend you cease all communication with the individual and consider reporting them to the US FBI Internet Crime Complaint Center. If you would like to verify the legitimacy of an email you received from our recruiting team, please forward it to
*Please do not send resumes via email*
If you're interested - we'd love to hear from you.