Manager of Technology Security & Governance

At ConvenientMD, we’re on a mission to make good health more convenient for all – working to improve how patients and providers experience healthcare in New England. To support this belief, we’re building a team of dedicated professionals who genuinely care about improving lives, are passionate about work that can make a difference, and are driven to learn from one another.

The Opportunity

The Manager of Technology Security & Governance will play a critical leadership role in safeguarding the organization’s technology environment while establishing a disciplined, enterprise-wide approach to technology governance. This leader will be responsible for advancing information security and privacy programs that protect patient and organizational data, while also designing and operating a structured intake, prioritization, and oversight process for technology initiatives.

Operating within a highly regulated healthcare environment, this role ensures the confidentiality, integrity, and availability of systems and data, while enabling thoughtful, transparent decision-making around technology investments. The Director will partner closely with IT, Compliance, Clinical, Revenue Cycle, Finance, Operations, and Executive leadership to embed security, privacy, and governance into both strategic planning and day-to-day operations.

This is an opportunity to balance strategic leadership with hands-on execution, building scalable frameworks that support growth, mitigate risk, and drive operational excellence across the enterprise.

This role is not remote. This position is based onsite at ConvenientMD headquarters in Portsmouth, NH.

Your Impact

• Information Security Leadership

• Lead and manage the organization’s technology security function, ensuring robust protection of systems, infrastructure, and sensitive data

• Develop, implement, and continuously evolve comprehensive cybersecurity strategies, policies, and procedures

• Oversee security risk management, including risk assessments, vulnerability management, remediation planning, and risk acceptance processes

• Monitor emerging threats and lead incident response efforts, ensuring rapid, coordinated mitigation and recovery

• Ensure appropriate safeguards are in place across clinical, financial, and operational systems, including EHRs, cloud platforms, and third-party technologies

• Provide clear, executive-level reporting on security posture, risks, and mitigation strategies

• Privacy & Regulatory Compliance

• Partner with Compliance and Legal to support adherence to HIPAA, HITECH, and other applicable privacy regulations

• Contribute to the development and delivery of privacy policies, training programs, and organizational awareness initiatives

• Support audits, regulatory inquiries, and security and privacy assessments

• Champion a culture of security awareness and best practices across the organization

• Technology Governance & Prioritization

• Design, implement, and manage an enterprise-wide technology governance framework, including project intake, evaluation, and prioritization

• Establish clear criteria for assessing technology initiatives, including security, privacy, risk, regulatory impact, resource capacity, and strategic alignment

• Partner with executive leadership to drive transparent portfolio management and prioritization decisions

• Ensure security and privacy considerations are embedded early in project planning and solution design

• Operational Excellence & Continuous Improvement

• Collaborate cross-functionally to deliver secure, scalable, and effective technology solutions

• Analyze support volume and trends to identify opportunities for efficiency and reduction through technology

• Establish and track KPIs, driving accountability, continuous improvement, and program maturity

• Strategic Partnership & Communication

• Act as a trusted advisor to executives, clinicians, and business leaders on security, privacy, and governance matters

• Translate complex technical and regulatory concepts into clear, actionable, business-focused insights

Who You Are

• Experience: Minimum of 4 years of experience in healthcare technology and 4 years in IT security and governance

• Healthcare technology leader: Proven track record of building and managing high-performing security and governance programs within a healthcare environment

• Cybersecurity expert: Deep understanding of cybersecurity frameworks, threat management, incident response, and regulatory requirements in healthcare

• Strategic and hands-on operator: Ability to balance long-term strategy with day-to-day execution in a complex, regulated environment

• Clear and influential communicator: Skilled at translating complex technical concepts into business-focused insights for diverse stakeholders

• Process and governance builder: Experienced in developing policies, documentation, and structured frameworks that drive consistency, accountability, and scalability

• Collaborative partner: Trusted relationship-builder who works effectively across IT, Compliance, Clinical, and executive teams

Why You'll Love Working With Us

• Collaborative team environment that encourages professional growth

• Urgent care services at no cost to our team members and their families

• Extensive benefit offerings including health, dental, and vision coverage, company paid short-term disability, and optional pet insurance

• 401k match after one year of service

• Access to our primary care (depending on location)

• Educational Alliance with Purdue University Global and reduced tuition rates for team members and their families

• Employer rewards and access to discounts offered on services and products such as hotels, travel, entertainment, restaurants, and more

There's a job and then there's purposeful, transformative work. Our aim is to create a workplace where you can learn, grow, and continuously refine your skills. Applicants rarely meet every single job requirement, and we appreciate that many skills and backgrounds can make people successful in this role. We are committed to creating a strong sense of belonging for all team members, and our process is designed to prevent discrimination against applicants regardless of gender identity, sexual orientation, religion, ethnicity, age, disability status, or any other aspect which makes you unique. If you’re looking for a great next step, and want to feel good about what you do, we’d love to hear from you.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.