Skip to content
ForusForusNew York, NY

Security Program Manager

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering

About the role

Responsibilities

  • Own compliance programs end to end (SOC 2 Type II, HIPAA, and HITRUST) from readiness through audit and continuous monitoring.
  • Build and run the customer trust function (security questionnaires, RFPs, due diligence, and our trust center).
  • Stand up and administer compliance automation, turning evidence collection and control monitoring into a continuous, low-toil system.
  • Author security policies, run security-awareness training, and drive access reviews and audit readiness across the company.
  • Partner with engineering and legal to translate framework and customer requirements into concrete controls, and coordinate external auditors and penetration-testing firms.
  • Own the risk register and give leadership clear, honest visibility into our security and compliance posture.

Requirements

  • Typically 4–7 years in GRC, security compliance, or security program management, with a track record of running audits end to end.
  • Hands-on experience with SOC 2 and HIPAA.
  • Experience in a regulated, high-growth environment — ideally healthcare or another domain with serious data-handling obligations.
  • Fluency with compliance automation tooling and enough technical literacy to work credibly with engineers on cloud, identity, and logging controls.
  • Experience owning customer-facing security with enterprise buyers: questionnaires, trust centers, and due diligence.
  • Strong written and verbal communication.
  • Track record of moving quickly, finding shortcuts, and going to unreasonable lengths to deliver on goals.
  • High NPS with your former teammates.

Nice-to-Haves

  • HITRUST experience.
  • Track record of standing up a new framework from scratch.

Skills

SOC 2HIPAAHitrustGRCCompliance AutomationRisk RegisterSecurity PoliciesAudit ReadinessPenetration TestingCloud ControlsIdentity ControlsLogging Controls
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k
On-site3+ YOESecurity Engineering
Anthropic

Red Team Engineer, Safeguards

AnthropicSan Francisco, CA

Red Team Engineer on Anthropic's Safeguards team performing adversarial testing and full kill-chain attacks on AI products to uncover vulnerabilities, jailbreaks, and novel abuse vectors before malicious exploitation. Requires strong pen-testing, red teaming, and LLM-specific security experience.

320k – 405k
Remote5+ YOESecurity Engineering