Senior Technical Program Manager, Security

June 2, 2026

Aledade exists to help independent primary care practices survive and thrive — and to bend the healthcare cost curve by reducing the most suffering and saving the most lives. That mission runs on trust: trust that patient data is protected, that financial controls hold, that the systems clinicians and patients depend on are secure and reliable. This role exists to scale that trust through security as a foundation, not the friction. As Sr Security TPM, you bring vision and depth across multiple disciplines: the controls and compliance frameworks that are non-negotiable in healthcare and financial operations, the engineering instincts that come from understanding how engineering teams actually work — their cycles, their constraints, their craft — and knowing how to weave security into that fabric as a native discipline, not an outside requirement, and the program leadership to make it all move at the speed the technology landscape demands. You understand where a security program is, what it needs to become, and how to build the structures that get it there — durably, extensibly, and without creating hurdles or stovepipes along the way. You see security as infrastructure. You engineer the highways — not the roadblocks — so that the compliance requirements, control frameworks, and engineering practices that protect Aledade’s patients, practices, and people aren’t obstacles to work around. They’re already built into how work gets done, smoothing the way for the trust this mission depends on. Primary Duties<div> Diagnose, prioritize, and drive security program maturity <ul style="margin-top: 0px; margin-bottom: 0px; padding-inline-start: 48px;"> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Assess the current state with clear eyes: identify what’s working, what’s underdeveloped, and what needs to be rebuilt </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Build a prioritized, multi-quarter roadmap that sequences risk reduction against business reality — without waiting to be handed a problem statement </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Establish governance, ownership, and metrics that make the portfolio legible and actionable across security leadership, engineering leadership, and executives </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Hold the line on outcomes — not activity or artifacts. </li> </ul> Translate security requirements into engineering practice <ul style="margin-top: 0px; margin-bottom: 0px; padding-inline-start: 48px;"> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Make security by design the operating standard: shift-left practices, threat modeling, architecture review, and controls embedded into how teams plan and ship </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Own the intersection of what security requires and what engineering can build — and move both sides toward it, fluently </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Remove the blockers that sit between security intent and engineering execution </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Build the habits and structures that outlast any individual program or initiative </li> </ul> Own the compliance surface without losing sight of real risk <ul style="margin-top: 0px; margin-bottom: 0px; padding-inline-start: 48px;"> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Translate HIPAA, financial controls, and governance requirements into resilient programs that reduce actual exposure and scale — not just satisfy milestone audits </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Sequence compliance investments against where the company is going, not just where it’s been </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Build the evidence frameworks, metrics, and operational readiness that hold up under real scrutiny at scale </li> </ul> Shape the AI security framework before it becomes a crisis <ul style="margin-top: 0px; margin-bottom: 0px; padding-inline-start: 48px;"> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Synthesize Aledade posture about AI risk, guardrails, and governance as AI becomes embedded in how we work and what we build </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Build the scaffolding — principles, review processes, accountability structures — that gives others a framework to execute against </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Operate with conviction in a space where the industry is still writing the rules </li> </ul> Drive alignment across a complex, high-stakes intersection <ul style="margin-top: 0px; margin-bottom: 0px; padding-inline-start: 48px;"> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Operate at the seam between security, engineering, compliance, legal, and finance — without owning any of the headcount </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Eliminate toil that crushes effectiveness of the subject matter experts around you by clearing the path, not walking it for them </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Surface what’s being normalized that shouldn’t be — the risks deferred, the gaps unnamed, the programs that exist only on paper </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Drive evidence-based decisions that stick — from architecture, through build, to the risk level with executives </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Full-stack program leadership: equally at home in an architecture review, a compliance audit, a risk conversation with the CTO, and a sprint planning session with an engineering team </li> </ul> </div> Minimum Qualifications<div> <ul style="margin-top: 0px; margin-bottom: 0px; padding-inline-start: 48px;"> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> 10+ years in technical program management at Staff-level scope — cross-org, ambiguous, high-stakes security programs </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Deep security domain fluency: frameworks, controls, HIPAA and financial-specific obligations, risk management — and how all of it maps to real engineering decisions </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Technical judgment strong enough to question the status quo, challenge architectural decisions, and identify real risk versus inherited noise </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Proven track record of transforming security programs — advancing maturity, closing gaps, and positioning programs for where the business is going </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Influence without authority across senior security, engineering, compliance, and executive stakeholders </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Outcomes orientation: risk reduction and program maturity </li> </ul> </div> Preferred KSA’s<div> <ul style="margin-top: 0px; margin-bottom: 0px; padding-inline-start: 48px;"> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Experience in healthcare or other highly regulated environments where security failure has consequences beyond the company </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Track record of building security governance and operating models from the ground up </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Familiarity with AI and ML risk frameworks and emerging AI governance practice </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Operated at a company in significant growth — where the security foundation had to be built while the business was already running on it </li> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif;"> Can move between a threat model conversation with a security engineer and a risk framing conversation with a CFO without losing accuracy in either direction </li> </ul> </div> Physical Requirements<div> <ul style="margin-top: 0px; margin-bottom: 0px; padding-inline-start: 48px;"> <li style="font-size: 10pt; font-family: 'IBM Plex Sans', sans-serif; font-style: italic;"> Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required. </li> </ul> </div> Who We Are:Aledade, a public benefit corporation, exists to empower the most transformational part of our health care landscape - independent primary care. We were founded in 2014, and since then, we've become the largest network of independent primary care in the country - helping practices, health centers and clinics deliver better care to their patients and thrive in value-based care. Additionally, by creating value-based contracts across a wide variety of health plans, we aim to flip the script on the traditional fee-for-service model. Our work strengthens continuity of care, aligns incentives and ensures primary care physicians are paid for what they do best - keeping patients healthy. If you want to help create a health care system that is good for patients, good for practices and good for society - and if you're eager to join a collaborative, inclusive and remote-first culture - you've come to the right place. What Does This Mean for You?At Aledade, you will be part of a creative culture that is driven by a passion for tackling complex issues with respect, open-mindedness and a desire to learn. You will collaborate with team members who bring a wide range of experiences, interests, backgrounds, beliefs and achievements to their work - and who are all united by a shared passion for public health and a commitment to the Aledade mission. In addition to time off to support work-life balance and enjoyment, we offer the following comprehensive benefits package designed for the overall well-being of our team members: Flexible work schedules and the ability to work remotely are available for many rolesHealth, dental and vision insurance paid up to 80% for employees, dependents and domestic partnersRobust time-off plan (21 days of PTO in your first year)Two paid volunteer days and 11 paid holidays12 weeks paid parental leave for all new parentsSix weeks paid sabbatical after six years of serviceEducational Assistant Program and Clinical Employee Reimbursement Program401(k) with up to 4% matchStock optionsAnd much more! At Aledade, we don’t just accept differences, we celebrate them! We strive to attract, develop and retain highly qualified individuals representing the diverse communities where we live and work. Aledade is committed to creating a diverse environment and is proud to be an equal opportunity employer. Employment policies and decisions at Aledade are based on merit, qualifications, performance and business needs. All qualified candidates will receive consideration for employment without regard to age, race, color, national origin, gender (including pregnancy, childbirth or medical conditions related to pregnancy or childbirth), gender identity or expression, religion, physical or mental disability, medical condition, legally protected genetic information, marital status, veteran status, or sexual orientation. Privacy Policy: By applying for this job, you agree to Aledade's Applicant Privacy Policy available at <a class="postings-link" style="font-size: small" href="https://www.aledade.com/privacy-policy-applicants">https://www.aledade.com/privacy-policy-applicants</a>

Back to blog

DISCLAIMER

Senior Technical Program Manager, Security

Other Jobs To Apply