apree health brings together a best-in-class engagement platform with an advanced primary care model to provide a vastly better health and care experience, improve outcomes, and significantly lower the total cost of care for a population.
Job Description Summary
The Governance Specialist is responsible for supporting apree health’s governance, risk, and compliance programs to ensure adherence to regulatory, contractual, and internal security requirements. This role will manage customer audits, maintain certifications, and coordinate responses to security questionnaires. The specialist will work closely with internal teams and external partners to demonstrate our commitment to protecting sensitive healthcare data and meeting industry standardHow will you make an impact & Requirements
Key Responsibilities:
Continuously refine and optimize organizational security certification (e.g., HITRUST, SOC 2) and customer security audit strategies, overseeing security related evidence collection, control validation, and audit readiness to ensure sustained compliance and successful renewals.
Author, review, and proactively enhance comprehensive responses to security questionnaires and due diligence requests from healthcare partners and customers, leveraging deep knowledge of security controls, technical architecture and organizational posture to articulate apree health's security capabilities effectively.
Act as a subject matter expert and trusted advisor to internal stakeholders, interpreting security related compliance obligations, providing guidance on control implementation, and fostering a culture of security awareness across the organization.
Collaborate closely with vendor management, security, privacy and compliance teams to quantify, capture or rationalize risks and corresponding mitigating controls.
Work cross-functionally with business units to identify risks, and oversee the design and implementation of controls that improve security posture.
Maintain a thorough understanding of apree's tech stack, architecture and controls to provide concise go-to-market and customer support.
Assist with tracking governance and compliance metrics and contribute to risk management activities.
Stay up to date with changes in regulatory and compliance requirements affecting healthcare data security.
Qualifications:
Bachelor’s degree in Information Systems, Business, or related field.
3–5 years of experience in IT governance, risk, and compliance, preferably in healthcare with a deep understanding of security controls and architecture.
Familiarity with HIPAA, HITRUST, ISO, SOC2, and other security frameworks.
Demonstrated ability to quantify risk, identify mitigations and enact change.
Strong organizational skills with the ability to manage multiple projects and deadlines.
Excellent written and verbal communication skills, with a proven ability to articulate complex technical and compliance concepts clearly and concisely to diverse audiences, including executive leadership and external partners.
Compensation: $74,083K – $111,125K annual salary
