Governance, Risk, and Compliance Officer (Part-Time)
About The Position
We are hiring a Fractional GRC Manager (part-time, ~20 hrs/week) to build and own our compliance function. Freed operates in a highly regulated environment (SOC 2 Type 2, HIPAA) with PHI flowing across 150+ vendors. Today, compliance work is fragmented across senior leaders, creating inefficiencies, audit friction, and product delays. This role will act as the single accountable owner for Governance, Risk, and Compliance, responsible for maintaining audit readiness, unblocking product and vendor workflows, and reducing the compliance burden on engineering and leadership. This is a hands-on, embedded operator role - not advisory. You will work closely with Finance, Engineering, Infrastructure, Legal, and GTM teams.
Requirements
- 5+ years in GRC, security compliance, or related roles (startup experience strongly preferred)
- Deep experience with SOC 2 and HIPAA (hands-on ownership, not advisory)
- Strong familiarity with vendor risk management, BAAs, DPAs, and audits
- Experience with tools like Drata or similar compliance platforms
- Ability to operate independently in a fractional, high-ownership role
- Strong judgment - able to make pragmatic tradeoffs, not over-engineer
Nice To Haves
- Exposure to HITRUST or ISO 27001 frameworks
- Experience working cross-functionally with Engineering and GTM teams
- Background in scaling compliance functions from early-stage
Responsibilities
- Audit & Certification Ownership
- Own SOC 2 and HIPAA programs end-to-end
- Manage auditor relationships and streamline evidence collection
- Maintain continuous audit readiness via Drata
- Improve audit efficiency
- Vendor Compliance & Risk Management
- Own vendor compliance intake (BAAs, DPAs, security reviews)
- Build and maintain a centralized vendor registry with PHI exposure mapping
- Establish fast, repeatable onboarding processes
- Partner with Engineering on vendor security assessments
- Policy & Governance
- Audit and remediate ~30 existing policies with outdated ownership structures
- Replace “phantom roles” (e.g., Security Officer) with real owners
- Establish a meaningful policy review cadence
- Draft new policies (data retention, vendor management, access controls)
- Compliance Operations
- Own and operate Drata (controls, evidence, personnel tasks)
- Manage Trust Center accuracy and external posture
- Handle customer security questionnaires
- Support Sales with compliance documentation for enterprise deals
- Risk & Incident Support
- Document PHI data flows and system boundaries
- Support incident response from a compliance perspective
- Stay current on HIPAA and regulatory developments
Benefits
- Competitive salary and equity in a high-growth company
- Opportunity to make an immediate impact
- Medical, dental, and vision coverage
- Unlimited paid time off
- Company-sponsored annual retreats
- 401(k) plan to support your long-term financial goals
- Commuter stipend for San Francisco-based employees
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Part-time
Career Level
Mid Level
Education Level
No Education Listed
