I think I came up with a suitable workaround for this scenario.
By creating a "metagroup" and having the service template autoassign to this group, I can combine members of the other groups into this new metagroup and give them access to view the entire ticket without viewing the tickets assigned to the other groups.
This does not solve the issue with sensitive data in the new hire request but gets me past the main sticking point of having the ticket accessible to more than one group at a time.
As I tested this, I found that there is no security to prevent one group from editing another groups tasks. Is there any upcoming enhancement to address that?