Manager, Security
Nashville, TN · On-site
Owns Third-Party Risk Management (TPRM) and vendor risk. Build and operate the vendor intake, review, re-assessment, and offboarding process; set risk tiers; integrate with Procurement and Legal ...
Manager, Security
Nashville, TN · On-site
Owns Third-Party Risk Management (TPRM) and vendor risk. Build and operate the vendor intake, review, re-assessment, and offboarding process; set risk tiers; integrate with Procurement and Legal ...
Conducts interviews with company senior management, business owners, and stakeholders to confirm ... Conducts solutions to build technical security reviews and assessments of applications, processes ...
Conducts interviews with company senior management, business owners, and stakeholders to confirm ... Conducts solutions to build technical security reviews and assessments of applications, processes ...
OwnsThird-Party Risk Management (TPRM) and vendor risk. Build andoperate the vendor intake, review, re-assessment, and offboarding process; set risk tiers; integrate with Procurement and Legal ...
OwnsThird-Party Risk Management (TPRM) and vendor risk. Build andoperate the vendor intake, review, re-assessment, and offboarding process; set risk tiers; integrate with Procurement and Legal ...
Conducts interviews with company senior management, business owners, and stakeholders to confirm ... Conducts solutions to build technical security reviews and assessments of applications, processes ...
Conducts interviews with company senior management, business owners, and stakeholders to confirm ... Conducts solutions to build technical security reviews and assessments of applications, processes ...
Conducts interviews with company senior management, business owners, and stakeholders to confirm ... Conducts solutions to build technical security reviews and assessments of applications, processes ...
Conducts interviews with company senior management, business owners, and stakeholders to confirm ... Conducts solutions to build technical security reviews and assessments of applications, processes ...
Conducts interviews with company senior management, business owners, and stakeholders to confirm ... Conducts solutions to build technical security reviews and assessments of applications, processes ...
Conducts interviews with company senior management, business owners, and stakeholders to confirm ... Conducts solutions to build technical security reviews and assessments of applications, processes ...
Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects * Sample projects/programs could include but are not limited to:
Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects * Sample projects/programs could include but are not limited to:
Manager, Security (4912)
Memphis, TN · On-site
Perform risk assessments, analyze metrics and trends to align resources and staffing to proactively ... Coordinate, manage and monitor security activities to provide a safe/secure work environment.
Manager, Security (4912)
Memphis, TN · On-site
Perform risk assessments, analyze metrics and trends to align resources and staffing to proactively ... Coordinate, manage and monitor security activities to provide a safe/secure work environment.
... security risk assessments in high-security environments. You will have professional experience ... You will support and uphold the high standards of security policy, compliance, and risk management ...
... security risk assessments in high-security environments. You will have professional experience ... You will support and uphold the high standards of security policy, compliance, and risk management ...
Manager, Security (4912)
Memphis, TN · On-site
Perform risk assessments, analyze metrics and trends to align resources and staffing to proactively ... Coordinate, manage and monitor security activities to provide a safe/secure work environment.
Manager, Security (4912)
Memphis, TN · On-site
Perform risk assessments, analyze metrics and trends to align resources and staffing to proactively ... Coordinate, manage and monitor security activities to provide a safe/secure work environment.
... security risk assessments in high-security environments. You will have professional experience ... You will support and uphold the high standards of security policy, compliance, and risk management ...
... security risk assessments in high-security environments. You will have professional experience ... You will support and uphold the high standards of security policy, compliance, and risk management ...
... security risk assessments in high-security environments. You will have professional experience ... You will review projects and change management activities within RRL for compliance to ...
... security risk assessments in high-security environments. You will have professional experience ... You will review projects and change management activities within RRL for compliance to ...
Risk Assessment & Operational Support * Monitor national and international events to identify ... Proven project management capabilities with success delivering complex, multistakeholder ...
Risk Assessment & Operational Support * Monitor national and international events to identify ... Proven project management capabilities with success delivering complex, multistakeholder ...
Security
Chattanooga, TN · On-site
Conduct regular risk assessments to identify potential security vulnerabilities and develop mitigation strategies. * Manage and supervise security personnel, including hiring, training, scheduling ...
Security
Chattanooga, TN · On-site
Conduct regular risk assessments to identify potential security vulnerabilities and develop mitigation strategies. * Manage and supervise security personnel, including hiring, training, scheduling ...
Senior Risk Assessor
Knoxville, TN · On-site +1
... risk assessment projects and proposals. This exciting opportunity offers a growth position in a ... Manage tasks of larger projects and track budgets * Under guidance of Project Manager or senior ...
Senior Risk Assessor
Knoxville, TN · On-site +1
... risk assessment projects and proposals. This exciting opportunity offers a growth position in a ... Manage tasks of larger projects and track budgets * Under guidance of Project Manager or senior ...
Senior Risk Assessor
Nashville, TN · On-site +1
... risk assessment projects and proposals. This exciting opportunity offers a growth position in a ... Manage tasks of larger projects and track budgets * Under guidance of Project Manager or senior ...
Senior Risk Assessor
Nashville, TN · On-site +1
... risk assessment projects and proposals. This exciting opportunity offers a growth position in a ... Manage tasks of larger projects and track budgets * Under guidance of Project Manager or senior ...
Perform high-quality and high-integrity Cyber and Information Security technical risk assessments, root cause analysis and risk investigations on IT and Cloud architectures, infrastructures ...
Perform high-quality and high-integrity Cyber and Information Security technical risk assessments, root cause analysis and risk investigations on IT and Cloud architectures, infrastructures ...
Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects * Sample projects/programs could include but are not limited to:
Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects * Sample projects/programs could include but are not limited to:
Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk ...
Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk ...
... security professionals with wide-spread responsibility; coordinating data-driven risk assessments ... The Manager will also assist in the development of information security and information technology ...
... security professionals with wide-spread responsibility; coordinating data-driven risk assessments ... The Manager will also assist in the development of information security and information technology ...
Manager Security Risk Assessment information
What is the difference between Manager Security Risk Assessment vs Security Analyst?
| Aspect | Manager Security Risk Assessment | Security Analyst |
|---|---|---|
| Certifications | CISSP, CISM, CRISC | CISSP, Security+ |
| Work Environment | Oversees security programs, manages teams | Analyzes security threats, monitors systems |
| Industry Usage | Common in organizations with complex security needs | Widely used across various industries for threat detection |
The Manager Security Risk Assessment focuses on leading security risk evaluations, managing teams, and developing security strategies. In contrast, a Security Analyst primarily monitors security systems, analyzes threats, and responds to incidents. Both roles require relevant certifications and work within the cybersecurity industry, but their responsibilities differ in scope and focus.
What are the most commonly searched types of Security Risk Assessment jobs in Tennessee? The most popular types of Security Risk Assessment jobs in Tennessee are:
What cities in Tennessee are hiring for Manager Security Risk Assessment jobs? Cities in Tennessee with the most Manager Security Risk Assessment job openings:
Full-time
Medical, Dental, Vision, Life, Retirement, PTO
Posted 21 days ago
Job description
Description
Manager, Security Overview
The Manager, Security (Governance, Risk & Compliance) plays a critical role in protecting Wayspring's mission and reputation by ensuring we are trusted, audit-ready, and confident in how we safeguard data. This leader owns our healthcare compliance and security assurance programs - including HIPAA, HITRUST, and vendor risk - and serves as the clear point person for how we demonstrate security to clients, partners, auditors, and regulators. More than checking boxes, this role helps turn our security posture into a true business advantage by accelerating client trust, enabling sales, and strengthening Wayspring's long-term regulatory foundation.
This is a high-impact, hands-on role for someone who enjoys building smart, scalable programs and reducing friction across the organization. You'll work closely with teams across Legal, IT, Engineering, Compliance, and the business to embed security into real workflows - not just policies on paper. With ownership of key audits, automation strategy, and future GRC growth, this role offers the opportunity to shape how compliance works at Wayspring as we scale, while making a measurable difference in how quickly and confidently we serve members and partners. This role reports to the VP, Architecture & Security and partners closely with Legal and Compliance to support enterprise regulatory and contractual obligations through effective security and technology governance.
Why Wayspring?
We are passionate about breaking barriers alongside those facing substance use disorder. Whether you're in the field or in the corporate office - our mission is felt, and your impact is recognized. There is no inner circle, and we all have a seat at the table. Leaders are accessible and silos are avoided. We respect your craft and love to be challenged. We invest not only in our mission, but in each other. Internal promotions and cross departmental training are the norm - you grow, we grow.
Investment in your growth: Wayspring provides an annual learning and certification budget that can be used for conferences (e.g., HIMSS, HITRUST Collaborate, RSA), training, and industry certifications (e.g., CISSP, CISM, CRISC, HITRUST CCSFP maintenance). We are eager to support your continued development in this role.
Responsibilities of the Manager, Security
Management Practices & Expectations
Ownership & Accountability
The following expectations apply to every technical leader, with scope, impact, and accountability increasing at higher levels:
Requirements and Preferred Qualifications
Preferred
Our goal is to foster a workplace where everyone feels a true sense of belonging, is supported, and empowered to thrive. We actively seek different backgrounds, perspectives, and experiences-because we believe that drives better performance and innovation. We're committed to identifying and removing barriers for the communities we serve.
Benefit Summary
Creating a great employee experience takes more than just perks-but let's be real, those matter too. Here's how we're building a company where you, your family, your pets, and your passions can thrive
Manager, Security Overview
The Manager, Security (Governance, Risk & Compliance) plays a critical role in protecting Wayspring's mission and reputation by ensuring we are trusted, audit-ready, and confident in how we safeguard data. This leader owns our healthcare compliance and security assurance programs - including HIPAA, HITRUST, and vendor risk - and serves as the clear point person for how we demonstrate security to clients, partners, auditors, and regulators. More than checking boxes, this role helps turn our security posture into a true business advantage by accelerating client trust, enabling sales, and strengthening Wayspring's long-term regulatory foundation.
This is a high-impact, hands-on role for someone who enjoys building smart, scalable programs and reducing friction across the organization. You'll work closely with teams across Legal, IT, Engineering, Compliance, and the business to embed security into real workflows - not just policies on paper. With ownership of key audits, automation strategy, and future GRC growth, this role offers the opportunity to shape how compliance works at Wayspring as we scale, while making a measurable difference in how quickly and confidently we serve members and partners. This role reports to the VP, Architecture & Security and partners closely with Legal and Compliance to support enterprise regulatory and contractual obligations through effective security and technology governance.
Why Wayspring?
We are passionate about breaking barriers alongside those facing substance use disorder. Whether you're in the field or in the corporate office - our mission is felt, and your impact is recognized. There is no inner circle, and we all have a seat at the table. Leaders are accessible and silos are avoided. We respect your craft and love to be challenged. We invest not only in our mission, but in each other. Internal promotions and cross departmental training are the norm - you grow, we grow.
Investment in your growth: Wayspring provides an annual learning and certification budget that can be used for conferences (e.g., HIMSS, HITRUST Collaborate, RSA), training, and industry certifications (e.g., CISSP, CISM, CRISC, HITRUST CCSFP maintenance). We are eager to support your continued development in this role.
Responsibilities of the Manager, Security
- Runs client security due-diligence as a sales-enablement function. Owns the questionnaire response process, pre-fill library, and SLA commitments so that security accelerates deal velocity. Partners with Business Development and Account Management to turn our security posture into a competitive advantage
- Owns Third-Party Risk Management (TPRM) and vendor risk. Build and operate the vendor intake, review, re-assessment, and offboarding process; set risk tiers; integrate with Procurement and Legal workflows
- Owns the GRC platform and evidence automation strategy. Drives continuous control monitoring, automated evidence collection, and measurable reductions in manual compliance work
- Develops, maintains, and enforces Wayspring's information security policies and procedures, ensuring they reflect actual organizational practice
- Owns the company-wide security awareness program-phishing simulations, annual training, and role-based training for high-risk populations (executives, engineering, clinical operations)
- Owns and manages Wayspring's HITRUST certification lifecycle end-to-end: scoping, readiness, full and interim assessments, evidence collection, gap remediation, and auditor coordination
- Leads PCI DSS compliance for the scope relevant to Wayspring's member payment processing, applying right-sized controls (e.g., SAQ-aligned where appropriate) that match the risk profile
- Drives concrete outcomes against Wayspring's stated security commitments: close findings on defined timelines, track attestation coverage, and report posture metrics to the VP, Architecture & Security
- Partners with Legal, Compliance, HR, and IT & Infrastructure to embed compliance into business processes from the start
Management Practices & Expectations
- Remains actively engaged in the healthcare regulatory and compliance landscape (e.g., OCR enforcement trends, HIPAA/HICCUP, HITRUST CSF updates, state privacy laws) to anticipate changes rather than react to them
- Ensures compliance activities meet security, reliability, and cost expectations, so compliance creates durable business value beyond audit outcomes
- Drives automation and leverage to reduce manual compliance burden for every team at Wayspring
- Uses AI-assisted tools to accelerate policy drafting, evidence analysis, questionnaire responses, and compliance research, while remaining accountable for decisions
- Builds and maintain strong relationships with external auditors, assessors, and regulatory bodies
- Represent Wayspring's compliance posture credibly to clients, prospects, regulators, and executive stakeholders
Ownership & Accountability
- Accountable for Wayspring's compliance posture across HITRUST, HIPAA, and the in-scope portion of PCI DSS
- Accountable for timely, accurate, high-quality completion of client security questionnaires and due-diligence requests
- Accountable for third-party and vendor risk across the organization
- Owns the integrity and currency of all security policies, procedures, and training programs
- Owns building and developing GRC capacity, including future hiring as the program scales
The following expectations apply to every technical leader, with scope, impact, and accountability increasing at higher levels:
- Security comes first. Leaders are accountable for ensuring their teams operate with strong security, privacy, and compliance awareness.
- Leaders own outcomes, not just activity. Delivery, quality, reliability, and sustainability are core responsibilities.
- Functional leadership matters. Leaders actively guide technical direction, standards, and decision-making within their domain.
- Systems and teams are treated as products. Processes, team structures, and delivery mechanisms are intentionally designed and continuously improved.
- Automation and leverage are expected. Leaders push teams to reduce manual work and improve scalability through tooling and process improvement.
- Cross-functional collaboration is essential. Leaders partner effectively across disciplines to deliver outcomes.
- AI tools are used to increase effectiveness. Leaders may use AI-assisted tools to support planning, analysis, documentation, and communication, while remaining accountable for decisions.
Requirements and Preferred Qualifications
- 5+ years of experience in information security governance, risk, and compliance, with at least 2 years in a healthcare or health-tech environment
- Direct, hands-on experience leading at least one HITRUST certification cycle (CSF assessments and evidence lifecycle)
- Strong working knowledge of HIPAA requirements and how they apply in a clinical services environment
- Experience owning client security questionnaire responses and external audit engagements
- Experience operating a modern GRC platform (continuous control monitoring and automated evidence collection), with the judgment to select or transition platforms as the program matures
- Demonstrated ability to write, maintain, and operationalize security policies and procedures
- Strong communication skills with the ability to translate compliance requirements into business-friendly language for non-technical stakeholders
Preferred
- Experience building or running a Third-Party Risk Management program
- Familiarity with the narrow-scope application of PCI DSS to member payment processing in a healthcare context
- Experience partnering directly with Business Development and Account Management on security-as-sales-enablement
- Experience in substance use disorder, behavioral health, or Medicare-adjacent healthcare environments
- Relevant certifications: CISSP, CISM, CRISC, HCISPP, HITRUST CCSFP, or equivalent
Our goal is to foster a workplace where everyone feels a true sense of belonging, is supported, and empowered to thrive. We actively seek different backgrounds, perspectives, and experiences-because we believe that drives better performance and innovation. We're committed to identifying and removing barriers for the communities we serve.
Benefit Summary
Creating a great employee experience takes more than just perks-but let's be real, those matter too. Here's how we're building a company where you, your family, your pets, and your passions can thrive
- Comprehensive Medical, Dental and Vision Insurance options - including options for your pets!
- Company funded HSA + Monthly Gym Allowance
- Paid parental leave - all parents included!
- Company paid short term disability, long term disability and life insurance
- 401k with company match
- Premium Employee Assistance Program, inclusive of counseling sessions
- Pardon and Expungement Scholarship Program
- Company Contributions to Future Minded Savings (HSA and Emergency savings fund)
- Generous PTO package (accrual policy based on years of service) and an additional 10 paid company holidays
- Company 2 week paid sabbatical program!
- Provider Benefits include ASAM training and membership + $2,500 CEU annual stipend and more!
About Wayspring
Sourced by ZipRecruiter
Industry
Health care and social assistance
Company size
51 - 200 Employees
Headquarters location
Nashville, TN, US
Year founded
2012