Skip to content
Hinge HealthHinge HealthSan Francisco, CA

Manager, Technology Risk

Senior individual contributor driving technology risk posture across security, infrastructure, and IT. Owns the Technology Risk Register, leads SOX ITGC compliance, and partners with engineering and security teams on remediation in a regulated healthcare environment.

198k – 250k/yr
Hybrid8+ YOESecurity Engineering

About the role

What You’ll Do

  • Maintain and continuously refine the Technology Risk Register, documenting cyber, operational, and regulatory risks with clear ratings, owners, and mitigation plans.
  • Track and drive remediation progress across engineering and IT teams, escalating and unblocking as needed to ensure risk treatment plans meet agreed SLAs.
  • Serve as a primary interface for internal and external auditors on SOX IT General Controls (ITGC) and related technology control testing, documentation, and evidence collection.
  • Coordinate and track remediation of SOX ITGC findings, ensuring clear ownership, high-quality corrective actions, and timely closure to prevent control deficiencies and material weaknesses.
  • Partner with Security, Accounting, Legal/Compliance, and IT to ensure risk and control practices support HIPAA and other healthcare regulatory requirements.
  • Partner with Application Security, SRE, and Infrastructure teams to aggregate, prioritize, and track code vulnerabilities, penetration-testing findings, and infrastructure risks across the SDLC.
  • Analyze vulnerability trends (by system, control, and data sensitivity) to help teams focus on the highest-impact remediation work.
  • Drive consistent, high-quality documentation of risk decisions, mitigations, and compensating controls.
  • Design and maintain risk and control dashboards that provide senior leadership with clear insight into security posture, compliance status, and remediation velocity.
  • Produce recurring executive-ready reports and narratives that translate complex technical risk into clear, non-technical language for decision-makers and risk committees.
  • Recommend and refine KPIs/KRIs that measure technology risk, SOX ITGC health, and vulnerability reduction over time.

What You Bring

  • 8+ years of experience in technology risk, IT audit, cybersecurity, or information security, with recent, hands-on experience in SOX-driven or heavily regulated environments (e.g. public/pre-IPO company, Big 4 IT audit/risk advisory, financial services or healthcare).
  • Proven track record as a senior IC leading complex, cross-functional risk or compliance programs with high visibility to engineering and IT leadership.
  • Deep experience with SOX IT General Controls (design, testing, and remediation) in cloud-first environments.
  • Strong understanding of access management, change management, computer operations, and related control frameworks.
  • Comfort working in PHI-handling or similarly sensitive data environments.
  • Demonstrated ability to influence senior engineering and IT stakeholders: surface uncomfortable risks, keep discussions anchored in facts and impact, and help teams arrive at well-documented decisions.
  • Excellent relationship-builder who balances assertiveness with partnership—able to challenge, negotiate trade-offs, and still maintain trust.
  • Exceptional written and verbal communication skills; distill complex technical risk into concise, executive-ready narratives and clear action plans.

Preferred Qualifications

  • Certifications such as CISA, CISSP, or equivalent.
  • Prior Big 4 (or similar) experience in IT audit, SOX, or technology risk.
  • Experience with SOX IT General Controls and broader security frameworks.

Skills

Sox ItgcIt AuditCybersecurityRisk ManagementHipaa ComplianceAccess ManagementChange ManagementVulnerability ManagementPenetration TestingRisk Register
Applied Intuition

Security Architect

Applied IntuitionSunnyvale, CA

Leads design and implementation of cybersecurity architectures for automotive systems, ensuring compliance with ISO/SAE 21434 and UN R155/156 standards. Requires 7+ years in embedded automotive security, systems programming in C/C++/Rust, and threat analysis expertise.

197k – 292k/yr
On-site7+ YOESecurity Engineering
Snowflake

Senior Software Engineer

SnowflakeBellevue, WA +1

Senior Software Engineer building Snowflake's core identity, access management, and AI-native security infrastructure for the Data Cloud. Design secure agent workflows, IAM systems, encryption, and policy enforcement tooling at massive scale.

200k – 288k/yr
Hybrid5+ YOESecurity Engineering
Snowflake

Senior Software Engineer, Security Foundations

SnowflakeBellevue, WA

Senior Software Engineer building real-time security detection, prevention, and intelligence systems to protect Snowflake's multi-cloud platform from abuse, account takeovers, data exfiltration, and AI threats using AI/ML and risk scoring. Requires 5+ years software engineering experience with security focus.

200k – 288k/yr
On-site5+ YOESecurity Engineering
Wiz

Threat Detection Researcher

WizNew York, NY

Threat Detection Researcher developing detections and tools to protect customers from cloud, AI, and malware threats. Requires 6+ years in security/threat research, deep OS internals knowledge (Windows/Linux/macOS), Python proficiency, and cloud familiarity.

200k – 250k/yr
On-site6+ YOESecurity Engineering
Snowflake

Senior Software Engineer

SnowflakeBellevue, WA

Senior Software Engineer building critical Identity & Access Management features and AI security capabilities (agent workflows, authentication, authorization, RBAC) for Snowflake's cloud data platform. Requires 7+ years building large-scale distributed systems, IAM expertise, and strong CS fundamentals.

200k – 288k/yr
On-site7+ YOESecurity Engineering