Aledade exists to help independent primary care practices survive and thrive — and to bend the healthcare cost curve by reducing the most suffering and saving the most lives. That mission runs on trust: trust that patient data is protected, that financial controls hold, that the systems clinicians and patients depend on are secure and reliable.

This role exists to scale that trust through security as a foundation, not the friction.

As Sr Security TPM, you bring vision and depth across multiple disciplines: the controls and compliance frameworks that are non-negotiable in healthcare and financial operations, the engineering instincts that come from understanding how engineering teams actually work — their cycles, their constraints, their craft — and knowing how to weave security into that fabric as a native discipline, not an outside requirement, and the program leadership to make it all move at the speed the technology landscape demands. You understand where a security program is, what it needs to become, and how to build the structures that get it there — durably, extensibly, and without creating hurdles or stovepipes along the way.

You see security as infrastructure. You engineer the highways — not the roadblocks — so that the compliance requirements, control frameworks, and engineering practices that protect Aledade’s patients, practices, and people aren’t obstacles to work around. They’re already built into how work gets done, smoothing the way for the trust this mission depends on.

Diagnose, prioritize, and drive security program maturity

• Assess the current state with clear eyes: identify what’s working, what’s underdeveloped, and what needs to be rebuilt

• Build a prioritized, multi-quarter roadmap that sequences risk reduction against business reality — without waiting to be handed a problem statement

• Establish governance, ownership, and metrics that make the portfolio legible and actionable across security leadership, engineering leadership, and executives

• Hold the line on outcomes — not activity or artifacts.

Translate security requirements into engineering practice

• Make security by design the operating standard: shift-left practices, threat modeling, architecture review, and controls embedded into how teams plan and ship

• Own the intersection of what security requires and what engineering can build — and move both sides toward it, fluently

• Remove the blockers that sit between security intent and engineering execution

• Build the habits and structures that outlast any individual program or initiative

Own the compliance surface without losing sight of real risk

• Translate HIPAA, financial controls, and governance requirements into resilient programs that reduce actual exposure and scale — not just satisfy milestone audits

• Sequence compliance investments against where the company is going, not just where it’s been

• Build the evidence frameworks, metrics, and operational readiness that hold up under real scrutiny at scale

Shape the AI security framework before it becomes a crisis

• Synthesize Aledade posture about AI risk, guardrails, and governance as AI becomes embedded in how we work and what we build

• Build the scaffolding — principles, review processes, accountability structures — that gives others a framework to execute against

• Operate with conviction in a space where the industry is still writing the rules

Drive alignment across a complex, high-stakes intersection

• Operate at the seam between security, engineering, compliance, legal, and finance — without owning any of the headcount

• Eliminate toil that crushes effectiveness of the subject matter experts around you by clearing the path, not walking it for them

• Surface what’s being normalized that shouldn’t be — the risks deferred, the gaps unnamed, the programs that exist only on paper

• Drive evidence-based decisions that stick — from architecture, through build, to the risk level with executives

• Full-stack program leadership: equally at home in an architecture review, a compliance audit, a risk conversation with the CTO, and a sprint planning session with an engineering team

• 10+ years in technical program management at Staff-level scope — cross-org, ambiguous, high-stakes security programs

• Deep security domain fluency: frameworks, controls, HIPAA and financial-specific obligations, risk management — and how all of it maps to real engineering decisions

• Technical judgment strong enough to question the status quo, challenge architectural decisions, and identify real risk versus inherited noise

• Proven track record of transforming security programs — advancing maturity, closing gaps, and positioning programs for where the business is going

• Influence without authority across senior security, engineering, compliance, and executive stakeholders

• Outcomes orientation: risk reduction and program maturity

• Experience in healthcare or other highly regulated environments where security failure has consequences beyond the company

• Track record of building security governance and operating models from the ground up

• Familiarity with AI and ML risk frameworks and emerging AI governance practice

• Operated at a company in significant growth — where the security foundation had to be built while the business was already running on it

• Can move between a threat model conversation with a security engineer and a risk framing conversation with a CFO without losing accuracy in either direction

• Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.

Aledade, a public benefit corporation, exists to empower the most transformational part of our health care landscape - independent primary care. We were founded in 2014, and since then, we've become the largest network of independent primary care in the country - helping practices, health centers and clinics deliver better care to their patients and thrive in value-based care. Additionally, by creating value-based contracts across a wide variety of health plans, we aim to flip the script on the traditional fee-for-service model. Our work strengthens continuity of care, aligns incentives and ensures primary care physicians are paid for what they do best - keeping patients healthy. If you want to help create a health care system that is good for patients, good for practices and good for society - and if you're eager to join a collaborative, inclusive and remote-first culture - you've come to the right place.

At Aledade, you will be part of a creative culture that is driven by a passion for tackling complex issues with respect, open-mindedness and a desire to learn. You will collaborate with team members who bring a wide range of experiences, interests, backgrounds, beliefs and achievements to their work - and who are all united by a shared passion for public health and a commitment to the Aledade mission.

In addition to time off to support work-life balance and enjoyment, we offer the following comprehensive benefits package designed for the overall well-being of our team members:

Flexible work schedules and the ability to work remotely are available for many roles

Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners

Robust time-off plan (21 days of PTO in your first year)

Two paid volunteer days and 11 paid holidays

12 weeks paid parental leave for all new parents

Six weeks paid sabbatical after six years of service

Educational Assistant Program and Clinical Employee Reimbursement Program

401(k) with up to 4% match

Stock options

And much more!