Manager,TechnologyRisk

ABOUT THE ROLE The Technology Risk Manager is a senior individual contributor responsible for driving Hinge Health’s technology risk posture across security, infrastructure, and IT. You’ll act as the primary owner for technology risk across multiple teams rather than as a pure advisor. The role has broad exposure to Security , IT, Engineering leadership, and you’re expected to confidently surface risks, drive clear risk evaluations, and collaborate with partners to land practical remediation decisions. You’ll work closely with Application Security, Engineering , Security, and IT to translate technical vulnerabilities into business risk, maintain the Technology Risk Register, and ensure high-quality, timely remediation in a PHI-handling and heavily regulated environment. WHAT YOU’LL DO - Maintain and continuously refine the Technology Risk Register, documenting cyber, operational, and regulatory risks with clear ratings, owners, and mitigation plans. - Track and drive remediation progress across engineering and IT teams, escalating and unblocking as needed to ensure risk treatment plans meet agreed SLAs. - Regulatory Compliance & Governance (SOX & HIPAA). - Serve as a primary interface for internal and external auditors on SOX IT General Controls (ITGC) and related technology control testing, documentation, and evidence collection. - Coordinate and track remediation of SOX ITGC findings, ensuring clear ownership, high-quality corrective actions, and timely closure to prevent control deficiencies and material weaknesses. - Partner with Security, Accounting, Legal/Compliance, and IT to ensure risk and control practices support HIPAA and other healthcare regulatory requirements. - Partner with Application Security, SRE, and Infrastructure teams to aggregate, prioritize, and track code vulnerabilities, penetration-testing findings, and infrastructure risks across the SDLC. - Analyze vulnerability trends (by system, control, and data sensitivity) to help teams focus on th