IT and Security Project Manager
IT & Security Program Manager
WellHive operates a healthcare technology platform under HIPAA, and we're pursuing
organization-level certifications including HITRUST and SOC 2 Type 2. We're maturing our
corporate IT and security posture across our SaaS and endpoint estate, and we're hiring a
program manager to own that effort end to end.
You'll drive a roadmap of security hardening initiatives across our SaaS tools, direct the external
IT partner(s) who carry out implementation, make and validate the day-to-day technical
decisions, and run the testing and rollout. You'll also be the IT/security point person for our
org-level audits — owning the corporate-IT control domains, maintaining evidence, and
engaging assessors directly. You'll work with leadership on the calls that matter (risk, budget,
compliance posture) and own everything below that line.
This is a senior, hands-on role. You should be as comfortable in an admin console validating a
configuration as you are running a program plan, holding a contractor to a statement of work, or
walking an assessor through a control.
Responsibilities
- Own a multi-effort IT/security hardening roadmap and drive it to delivered, validated
controls.
- Direct external IT partner(s) on implementation: scope, acceptance, quality.
- Make and defend implementation and sequencing decisions; escalate risk and budget.
- Run validation, phased rollout, and user-facing change.
- Keep the work aligned to HIPAA and to HITRUST / SOC 2 Type 2.
- Own corporate-IT control domains for our audits, maintain evidence, and engage
Assessors.
Requirements
- Senior IT/security experience with hands-on IAM and SaaS administration.
- A track record in a regulated environment (HIPAA, SOC 2, HITRUST, or similar).
- Experience engaging auditors/assessors and maintaining control evidence (HITRUST
CSF or SOC 2 a plus).
- Experience managing contractors/MSPs to a statement of work.
- The judgment to make technical security decisions independently.
- Program management across concurrent workstreams.
Nice to Have
- Google Workspace and/or Okta administration depth; DLP and device-management
(Jamf / Kandji / Intune) familiarity; IaC literacy.
Salary: $150,000-$195,000