Director of Governance and Compliance

About The Position

Requirements

• Deep Regulatory Knowledge – Understand laws, regulations, and industry standards
• Governance Framework Expertise – Design and implement governance structures and policies
• Risk Management Skills – Identify, assess, and mitigate compliance risks effectively
• Internal Controls Oversight – Develop and monitor robust internal control systems
• Strategic Thinking – Align compliance and governance with organizational goals
• Leadership & Influence – Lead teams and drive a culture of integrity
• Ethical Judgment – Model and enforce high ethical standards
• Clear Communication – Explain complex regulations to diverse stakeholders
• Collaboration Ability – Work across departments and with external partners
• Adaptability & Tech Awareness – Respond to regulatory changes and emerging tech risks
• Experience with Microsoft 365 including Teams integration
• Bachelor’s degree in business, finance, accounting, law, or related field
• 7–10+ years in governance, risk, compliance, regulatory affairs, or related roles
• Hands-on audit and internal controls experience, including SOC 1/2, PCI, preferably HITRUST
• Proven leadership in developing compliance programs, training, and leading teams
• Cross-functional collaboration with legal, finance, IT, HR, and external regulators
• Industry-specific regulatory knowledge, especially in healthcare and technology
• Strategic and risk management skills, including risk assessments and developing mitigation strategies
• Speaking and writing English is a requirement for this position
• Must be authorized to work in the United States
• Prolonged periods sitting at a desk and working on a computer
• Must be able to lift up to 15 pounds at times

Nice To Haves

• Professional certifications (e.g. CISA, CCEP, CRCM, CISSP) enhance credibility and expertise

Responsibilities

• Enterprise Data Governance Framework Development & Enforcement
• Standards for data hosting, tagging, quality, classification, retention and disposal of Customer Data
• Retention Schedule for business records
• Audit Framework Compliance – HITRUST, HIPAA and any other framework
• Responsible for HHIT achieving and maintaining compliance
• Vanta Product Owner
• Collaboration & Business Enablement
• Partner with business and technology stakeholders to promote data ownership & stewardship
• Facilitate data governance councils & working groups
• Drive adoption of data governance tools and best practices
• Risk Management
• Identify & mitigate data-related risks raising awareness according to the level of risk to the appropriate stakeholders up to and including executive management
• Escalation & collaboration with Human Resources to implement corrective actions and operating changes based on policy / standard operating procedures violations or gaps
• Implement controls for data privacy and security in collaboration with Security, Privacy & Legal teams
• Training & Awareness
• Responsible for training & awareness programs of audit programs, frameworks, data governance
• Other duties as assigned
• Responsible for protecting data entrusted to HHIT by customers or other parties by strictly adhering to HHIT’s data security and privacy policies and procedures, as well as HIPAA, PIPEDA and all other applicable law.