Senior Manager, Governance, Risk, & Compliance (GRC)

Responsibilities:

• Lead the development, implementation, and evolution of a comprehensive governance, risk, and compliance program aligned with standards such as ISO 27001, SOC2, GDPR, and other global regulatory expectations
• Own the enterprise risk register, delivering ongoing visibility, prioritization, and executive-level reporting across key risk domains
• Drive the third-party risk management lifecycle, overseeing vendor risk assessments and due diligence in partnership with Legal, IT, and Security
• Oversee the development and lifecycle of scalable policies, standards, and training programs that promote security awareness and strengthen organizational compliance
• Serve as the lead point of contact for internal and external audits and assessments, managing evidence workflows and driving remediation to completion
• Identify, implement, and improve GRC tools, processes, and metrics to support program scale, transparency, and accountability
• Support incident response processes by ensuring regulatory alignment, breach documentation, and post-incident reviews are conducted and integrated into risk and compliance programs
• Lead by doing - execute critical GRC workstreams directly while scaling team capabilities, maturing processes, and transitioning ownership to analysts over time
• Manage and mentor GRC analysts, balancing direct execution with team enablement as the program grows

Qualifications:

• 6+ years of experience in GRC, information security, audit, or compliance roles, preferably in health tech, SaaS, or regulated environments
• Deep understanding of regulations and standards including GDPR, ISO 27001, SOC 2, and NIST CSF
• Experience managing organizational risk registers and applying risk-informed decision-making
• Proven ability to lead third-party risk management in collaboration with internal stakeholders
• Familiarity with audit workflows, evidence collection, and control testing in fast-paced or audit-intensive environments
• Experience managing or mentoring compliance, audit, or GRC professionals
• Relevant certifications such as CISA, CISSP, CIPP/E, CRISC, ISO Lead Auditor, HITRUST CCSFP, or PMP are a plus
• Proven ability to build scalable, process-driven programs in high-growth or rapidly evolving environments
• Highly organized and detail-oriented, with strong project execution and prioritization skills across competing deadlines
• Demonstrated accountability to metrics, data-driven reporting, and outcome-based program management
• Strong commitment to embracing and leveraging AI tools in day-to-day tasks, ensuring AI-assisted work aligns with the same high-quality standards as personal contributions, with awareness of emerging governance and ethical considerations such as data privacy and model transparency