Head of Governance, Risk and Compliance

About The Position

Requirements

• You have proven experience (10+ years) as a program manager or analyst focused on governance, risk, or compliance-ideally in a regulated environment (healthcare, fintech, SaaS).
• You are capable of leading complex technical programs and driving projects through ambiguity to results.
• You understand security, data governance, and compliance requirements (including healthcare-adjacent risks), and are comfortable translating technical and regulatory concepts into actionable operations.
• You can communicate effectively with technical and non-technical audiences, including senior leaders.
• You hold yourself accountable for delivering high-quality outcomes on schedule in a fast-moving environment.
• You build stakeholder trust, manage competing priorities, and apply sound judgment when multiple routes exist.
• You thrive in cross-functional settings and can represent the GRC team credibly across engineering, clinical, product, and business functions.
• Technical Bachelor's degree (or equivalent experience).
• 10+ years in a program or project-management role in a GRC, security, or similar domain.
• Demonstrated success leading technical programs and delivering results.
• Strong grasp of governance, risk management, compliance fundamentals (audit controls, internal control frameworks, or equivalent).
• Familiarity with project management tools (e.g., Jira, ServiceNow) and comfortable establishing new processes.
• Strong understanding of security concepts, data governance, vendor risk management, and operations in a regulated/health-adjacent context. (HIPAA, HITRST, SOC 2, ISO, SaMD, and others)

Nice To Haves

• Certifications such as PMP, CRISC, CISA, CISSP, or CISM.
• Experience in a SaaS/Cloud environment, preferably healthcare or life sciences.
• Experience working at a publicly listed company or through external auditors/regulators.
• Familiarity with GRC tooling (e.g., Drata, Vanta, or equivalent compliance automation platforms).

Responsibilities

• Develop and own the GRC program roadmap: define goals, deliverables, success criteria, timelines, and key milestones aligned with Hippocratic AI's strategic objectives (safety, regulatory readiness, trust frameworks).
• Establish and refine frameworks, processes, and best practices for GRC within the company context (healthcare-AI domain).
• Manage portfolio of GRC projects: from operational documentation to remediation items, audit readiness, risk assessments, vendor/third-party governance.
• Collaborate with other program /project managers in InfoSec, Product, and Clinical Ops to align on methodology, reporting, and metrics to prevent silos.
• Design and deliver regular reporting on program health, risk metrics, and compliance status to senior leadership and partner functions.
• Lead remediation tracking: identify, document, escalate, and monitor mitigation efforts across projects and operations.
• Maintain documentation management: templates, document structure, and content governance for GRC artifacts (policies, procedures, controls).
• Support strategic planning for GRC: annual/quarterly planning cycles, resource alignment, cross-functional dependencies.
• Act as an ambassador of the GRC function across the organization: build stakeholder relationships and cultivate a risk-aware culture.