Director, Governance, Risk, and Compliance (Healthcare)

TL;DR

Director, Governance, Risk, and Compliance (Healthcare): Defining and executing security governance and risk strategies for a public technology-enabled healthcare company with an accent on regulatory compliance and risk-driven governance. Focus on managing third-party GRC vendors, scaling compliance frameworks, and aligning security posture with enterprise growth objectives.

Location: Remote (USA)

Salary: $212,000 - $230,000 USD

Company

A public technology-enabled healthcare company reinventing health insurance by combining data with human empathy to provide personalized care.

What you will do

• Define and evolve the security governance and risk management strategy aligned with NIST and HIPAA frameworks.
• Lead security compliance for federal and state regulatory obligations as a public healthcare entity.
• Manage third-party GRC services vendors and lead the end-to-end third-party risk management program.
• Govern security incident response, crisis management, disaster recovery, and business continuity processes.
• Collaborate cross-functionally with Engineering, Legal, and Finance to resolve complex security and compliance issues.
• Communicate security risk posture and strategic tradeoffs to executive leadership and the Board.

Requirements

• 8+ years of experience in information security, GRC, or risk management.
• Must be based in the USA.
• Demonstrated experience leading compliance programs in regulated environments, specifically with HIPAA and healthcare security requirements.
• Experience operating within a public company or similarly regulated environment.
• Proven track record of managing third-party GRC vendors and staff augmentation.
• Hands-on experience with incident response governance and disaster recovery.

Nice to have

• Familiarity with NIST CSF v2 and NIST AI RMF.
• Experience supporting AI-enabled, data-intensive healthcare platforms.
• Relevant certifications such as CISM or CRISC.
• Service-management and automation mindset.

Culture & Benefits

• Competitive base salary, equity opportunities, and performance-based bonuses.
• Comprehensive medical, dental, and vision coverage with 401k matching.
• Remote-first culture with flexible time-off, No-Meeting Fridays, and monthly company holidays.
• Financial perks including Employee Stock Purchase Plan (ESPP), cell phone, and internet stipends.
• Reimbursement for office setup expenses and professional development funding.
• Paid parental leave for all new parents.