- Governance & Risk Management: Contribute to the ongoing development and maintenance of the GRC framework, policies, and procedures, ensuring alignment with regulatory requirements, privacy standards, and business objectives, particularly regarding PHI protection
- HITRUST Certification: Assist with the HITRUST certification process by gathering necessary documentation, participating in assessments, and ensuring that audits are up to date and complete
- Third-Party Risk Assessments: Aid in conducting third-party risk assessments, ensuring that vendors comply with required security and privacy regulations
- Collaboration with Cross-Functional Teams: Collaborate with internal teams (e.g., Compliance, Legal, IT) to align risk management practices across the organization and support the overall governance strategy
- Risk Reporting & Analysis: Contribute to the identification and assessment of key risks, helping to produce reports that provide actionable insights
- Continuous Improvement: Stay up to date with industry trends, regulatory changes, and emerging risks to ensure that the company’s GRC practices remain effective and relevant
- Training & Awareness: Promote risk awareness within the organization and provide training and guidance on key regulations
- Oversee tools that highlight data classification within the enterprise
- Assist in monitoring security logs and daily activities for suspicious behavior and escalate incidents as necessary
- Assist with the drafting, reviewing, and updating of information security policies to ensure alignment with regulatory requirements and best practices for healthcare organizations
- Actively support the organization’s incident response efforts, including assisting in the investigation, containment, and remediation of security incidents
- Be part of the on-call rotation for incident response, providing critical support during after-hours or emergency security incidents
- Proven experience (3+ years) in GRC or risk management, with a strong focus on governance and risk
- Hands-on experience supporting the management of HITRUST certification
- Strong understanding of risk management principles, frameworks, and methodologies (e.g., NIST, ISO 27001)
- Knowledge of regulatory compliance such as HIPAA, HITRUST, GDPR, CCPA, and PCI DSS
- Experience working with cross-functional teams to drive security and risk initiatives
- Experience in conducting or supporting third-party risk assessments, especially in relation to healthcare data security and privacy
- Excellent communication skills with the ability to explain complex risk and governance concepts to both technical and non-technical stakeholders
- Strong analytical and problem-solving skills
- Ability to work independently and manage multiple priorities in a fast-paced environment
- Strong organizational and time management skills
- Continuous drive to learn and grow professionally in the fields of GRC and information security
- Relevant certifications (e.g., Security+, CRISC, CISM, CISSP)
- Repetitive motions that include the wrists, hands and/or fingers
- Sedentary work that primarily involves sitting, remaining in a stationary position for prolonged periods
- Visual perception to perform the job, including peripheral vision, depth perception, and the ability to adjust focus
Our Mission
Improving Life Through Better Nutrition at Home
Core Values
Teamwork
Relentlessly Dependable
Appreciation & Respect
Innovation & Constant Improvement
Delivering Excellence
Company Overview
Mom’s Meals is a home-delivered meal service providing fully-prepared, refrigerated meal solutions directly to homes nationwide. For over 20 years, we’ve provided seniors, patients recovering post-discharge, and those managing chronic conditions with tailored nutrition solutions that support individual and unique needs. If you’re passionate about the wellbeing of others and truly want to make a difference, Mom’s Meals could be the place for you! We’re a family-operated company looking for fun, compassionate, and friendly people to join our team.
Equity & EOE Statement
At Mom’s Meals, we recognize that people come with a wealth of experience and talent beyond just the technical requirements of a job. If your experience is close to what you see listed here, please still consider applying. Diversity of experience and skills combined with passion is a key to innovation and excellence; therefore, we encourage people from all backgrounds to apply to our positions. Please let us know if you require accommodations during the interview process.
Mom’s Meals complies with all applicable federal and state non-discrimination laws. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Effective Date: May 13, 2025
PurFoods, LLC and our affiliated companies (“PurFoods,” “we,” or “us”) are committed to protecting your privacy and are providing the following details regarding how we collect and use the personal information of California residents who are PurFoods employees, independent contractors, job applicants, owners, directors or officers (and their emergency contacts and recipients of employment benefits) (each a “California Employee”).
We are providing this information under the California Consumer Privacy Act. Please read this Privacy Notice to California Employees carefully and provide it to your emergency contacts and recipients of employment benefits.
PurFoods may collect the following categories of personal information:
- Identifiers, such as name, contact information, online identifiers and Social Security numbers and other government-issued ID numbers;
- Personal information, as defined in the California customer records law, such as name, contact information, education information, employment history, financial information and medical and medical insurance information;
- Characteristics of protected classifications under California or federal law, such as sex, age, race, religion, national origin, disability, medical conditions and information, citizenship, immigration status, request for leave and marital status;
- Biometric information, such as fingerprints;
- Internet or network activity information, such as browsing history and interactions with our and other websites and systems;
- Geolocation data, such as device location, vehicle location and IP location;
- Audio, electronic, visual, and similar information, such as photographs or audio or video recordings created in connection with our business activities;
- Professional or employment-related information, such as work history, prior employer, information relating to references, details of qualifications, skills and experience, human resources data, and data necessary for benefits and related administration services;
- Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.
We use California Employee personal information for the purposes of operating, managing, and maintaining our business, managing our workforce, and accomplishing our business purposes and objectives, including, for example, using personal information to:
- Manage workforce activities and personnel generally, including for recruitment, background screening, performance management, career development, payments administration, employee training, leaves and promotions;
- Perform identity verification, accounting, audit, and other internal functions, such as internal investigations;
- Administer hiring, promotion, and discipline;
- Manage payroll, wages, tax forms and filing, expense reimbursements, and other awards such as stock options, stock grants and bonuses, and provide healthcare, pensions, savings plans and other benefits;
- Calculate insurance and other employee benefits;
- Notify family members in case of an emergency;
- Maintain and secure our facilities, equipment, systems, and infrastructure;
- Protect the health and safety of our workforce and others, and conduct risk and security control and monitoring;
- Conduct research, analytics, and data analysis to assist in planning succession and to ensure business continuity, as well as to design employee retention programs and diversity initiatives;
- Provide an efficient means for personnel to obtain the contact information of their colleagues so they may contact them;
- Monitor use of IT infrastructure, internet access, and electronic communication for unauthorized, unlawful, or inappropriate use;
- Record phone calls for training, quality assurance, and legal compliance purposes;
- Operate and manage IT and communications systems and facilities, allocate company assets and human resources, and undertake strategic planning and project management;
- Obtain legal advice and establish, exercise or defend legal rights, and act on collection and discovery requests in the context of litigation, government investigations or regulatory audits or inquiries; and
- Comply with law, legal process, investigations, internal policies and other requirements such as income tax deductions, monitoring, record-keeping and reporting obligations.
We reserve the right to amend this Privacy Notice to California Employees at our discretion and at any time. When we make changes to this Privacy Notice to California Employees, we will post the updated notice on this webpage with a new “Last Updated” date.