Director of Security, GRC

Program Leadership:

• Build, lead, and mature the enterprise Governance, Risk & Compliance (GRC) program to support innovation and data protection.
• Manage a growing GRC team, own risk programs and platforms, and enforce scalable policies and standards.

Compliance and Audits:

• Lead all compliance certification efforts, including SOC 2, HIPAA, SOX/ITGC, HITRUST, and CPRA, ensuring audit readiness.
• Coordinate evidence collection across business and technology teams, overseeing external assessments and control monitoring.

Framework and Collaboration:

• Maintain the enterprise risk management framework and risk registry, facilitating leadership and audit committee reviews.
• Partner cross-functionally with Security, IT, Product, and Legal to translate regulations into practical, scalable processes.

Qualifications and Impact:

• Require 10+ years in GRC or Information Security with leadership experience, certifications like CISA or CISSP preferred.
• Demonstrate strong knowledge of regulatory frameworks and proven ability to operationalize programs while balancing compliance with innovation.