[Hiring] Senior Technical Program Manager, Security @Aledade

Role Description

Aledade exists to help independent primary care practices survive and thrive — and to bend the healthcare cost curve by reducing the most suffering and saving the most lives. This role exists to scale that trust through security as a foundation, not the friction.

As Sr Security TPM, you bring vision and depth across multiple disciplines:

• The controls and compliance frameworks that are non-negotiable in healthcare and financial operations.
• The engineering instincts that come from understanding how engineering teams actually work — their cycles, their constraints, their craft.
• Program leadership to make it all move at the speed the technology landscape demands.

You see security as infrastructure. You engineer the highways — not the roadblocks — so that the compliance requirements, control frameworks, and engineering practices that protect Aledade’s patients, practices, and people aren’t obstacles to work around.

Primary Duties

• Diagnose, prioritize, and drive security program maturity.
• Assess the current state with clear eyes: identify what’s working, what’s underdeveloped, and what needs to be rebuilt.
• Build a prioritized, multi-quarter roadmap that sequences risk reduction against business reality.
• Establish governance, ownership, and metrics that make the portfolio legible and actionable across security leadership, engineering leadership, and executives.
• Hold the line on outcomes — not activity or artifacts.
• Translate security requirements into engineering practice.
• Make security by design the operating standard: shift-left practices, threat modeling, architecture review, and controls embedded into how teams plan and ship.
• Own the intersection of what security requires and what engineering can build.
• Remove the blockers that sit between security intent and engineering execution.
• Build the habits and structures that outlast any individual program or initiative.
• Own the compliance surface without losing sight of real risk.
• Translate HIPAA, financial controls, and governance requirements into resilient programs that reduce actual exposure and scale.
• Sequence compliance investments against where the company is going, not just where it’s been.
• Build the evidence frameworks, metrics, and operational readiness that hold up under real scrutiny at scale.
• Shape the AI security framework before it becomes a crisis.
• Synthesize Aledade posture about AI risk, guardrails, and governance as AI becomes embedded in how we work and what we build.
• Build the scaffolding — principles, review processes, accountability structures — that gives others a framework to execute against.
• Operate with conviction in a space where the industry is still writing the rules.
• Drive alignment across a complex, high-stakes intersection.
• Operate at the seam between security, engineering, compliance, legal, and finance.
• Eliminate toil that crushes effectiveness of the subject matter experts around you.
• Surface what’s being normalized that shouldn’t be — the risks deferred, the gaps unnamed, the programs that exist only on paper.
• Drive evidence-based decisions that stick — from architecture, through build, to the risk level with executives.
• Full-stack program leadership: equally at home in an architecture review, a compliance audit, a risk conversation with the CTO, and a sprint planning session with an engineering team.

Qualifications

• 10+ years in technical program management at Staff-level scope — cross-org, ambiguous, high-stakes security programs.
• Deep security domain fluency: frameworks, controls, HIPAA and financial-specific obligations, risk management.
• Technical judgment strong enough to question the status quo, challenge architectural decisions, and identify real risk versus inherited noise.
• Proven track record of transforming security programs — advancing maturity, closing gaps, and positioning programs for where the business is going.
• Influence without authority across senior security, engineering, compliance, and executive stakeholders.
• Outcomes orientation: risk reduction and program maturity.

Requirements

• Experience in healthcare or other highly regulated environments where security failure has consequences beyond the company.
• Track record of building security governance and operating models from the ground up.
• Familiarity with AI and ML risk frameworks and emerging AI governance practice.
• Operated at a company in significant growth — where the security foundation had to be built while the business was already running on it.
• Can move between a threat model conversation with a security engineer and a risk framing conversation with a CFO without losing accuracy in either direction.

Physical Requirements

• Sitting for prolonged periods of time.
• Extensive use of computers and keyboard.
• Occasional walking and lifting may be required.

Benefits

• Flexible work schedules and the ability to work remotely are available for many roles.
• Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners.
• Robust time-off plan (21 days of PTO in your first year).
• Two paid volunteer days and 11 paid holidays.
• 12 weeks paid parental leave for all new parents.
• Six weeks paid sabbatical after six years of service.
• Educational Assistant Program and Clinical Employee Reimbursement Program.
• 401(k) with up to 4% match.
• Stock options.
• And much more!

Company Description

Aledade, a public benefit corporation, exists to empower the most transformational part of our health care landscape - independent primary care. We were founded in 2014, and since then, we've become the largest network of independent primary care in the country - helping practices, health centers and clinics deliver better care to their patients and thrive in value-based care.

Additionally, by creating value-based contracts across a wide variety of health plans, we aim to flip the script on the traditional fee-for-service model. Our work strengthens continuity of care, aligns incentives and ensures primary care physicians are paid for what they do best - keeping patients healthy.

If you want to help create a health care system that is good for patients, good for practices and good for society - and if you're eager to join a collaborative, inclusive and remote-first culture - you've come to the right place.