If you’re the type who can keep audits calm, vendors honest, and evidence flowing without chasing people for three weeks, this role is built for you. You’ll run Security Assurance day-to-day, own Vanta, and keep RethinkFirst continuously audit-ready across SOC 2 Type II, HIPAA, and HITRUST in a cloud-forward SaaS environment.

About RethinkFirst
RethinkFirst is a behavioral health technology company making mental wellness, education, and support more accessible and scalable. Through platforms like RethinkEd, RethinkCare, and RethinkBH, they serve educators, employers, and providers with tools designed to deliver measurable outcomes.

Schedule
Full-time | Remote
Remote eligibility: AL, AZ, CT, FL, GA, HI, IA, IL, IN, KY, LA, MD, MA, MI, MN, MO, MT, NC, NE, NH, NJ, NV, OH, OR, PA, RI, TN, TX, VA, WA, WI, WY

What You’ll Do

  • Lead Security Assurance across SOC 2, HIPAA, HITRUST, and related frameworks with year-round audit readiness
  • Program-manage audits end-to-end, coordinating evidence collection with Legal, HR, Engineering, Product, and Infrastructure
  • Own Vanta hands-on, including implementation, configuration, optimization, and ongoing operations:
    • Control mapping and ownership assignments
    • Evidence collection workflows and repositories
    • Vendor risk modules and workflows
    • Trust Center and client-facing security responses (questionnaires, RFPs, audit requests)
  • Build and maintain audit calendars, evidence playbooks, and standardized collection processes
  • Drive security policy, standards, and procedure development and upkeep
  • Run Third-Party Risk Management: vendor tiering (including Tier 1/BAA), questionnaires, residual risk scoring, and contract security reviews
  • Partner with SecOps to ensure tools (Tenable, Defender, Sentinel, etc.) produce audit-ready evidence and that operational controls stay compliant
  • Support AppSec alignment with compliance requirements, including secure SDLC processes, risk assessments, and remediation tracking

What You Need

  • 7+ years in Information Security, with 3+ years in GRC/Security Assurance leadership
  • Hands-on Vanta experience (required)
  • Proven work supporting SOC 2 Type II, HIPAA Security Rule, and HITRUST in a SaaS environment
  • Strong Microsoft Azure security knowledge (Entra ID, RBAC, Conditional Access, Defender for Cloud, Sentinel, workload identities)
  • Solid grasp of audit control design, evidence expectations, and control operation
  • Experience building and running vendor risk programs, including DPAs/BAAs and due diligence
  • Strong writing skills for policies, audit documentation, and customer security responses
  • Comfortable leading cross-functional projects with deadlines and competing priorities

Benefits

  • Health, dental, and vision coverage
  • Flexible paid time off
  • 11 paid company holidays
  • 401(k) with matching
  • Parental leave
  • Access to the RethinkCare platform supporting neurodiversity, resilience, and wellbeing

One quick gut-check: this is not a “set it and forget it” compliance gig. You’ll be herding cats across Engineering, HR, Legal, and vendors while keeping Vanta clean and audits smooth. If that sounds like control, clarity, and momentum to you, this role is a solid move.

Happy Hunting,
~Two Chicks…

APPLY HERE.