Head of IT Governance, Risk, and Compliance (GRC)

About The Position

Requirements

• Bachelor’s degree in computer science, engineering, information systems, or a related field required
• 10+ years of progressive experience in IT security, compliance, risk management, or GRC leadership roles, ideally within a high-growth, cloud-enabled, or highly regulated environment.
• Demonstrated expertise in major security and privacy frameworks and standards, such as SOC 2, ISO 27001, HIPAA, and GDPR, along with practical knowledge of AI governance and healthcare AI compliance considerations.
• Strong executive presence and the ability to influence stakeholders across technical, operational, and business functions.
• Ability to communicate complex risk, compliance, and security matters clearly to senior leadership, auditors, clients, and cross-functional stakeholders.
• Demonstrated success building credibility and leading in environments where technology, operations, and business processes are tightly interconnected.
• Experience establishing or enhancing governance models that improve decision quality, accountability, prioritization, and cross-functional alignment.
• Strong executive presence and the ability to build credibility with senior leaders as well as frontline operators and functional partners.
• Excellent communication skills, including the ability to translate complexity into clear, concise messages tailored to technical, operational, and executive audiences.
• Sound judgment and high initiative in ambiguous environments, with the capacity to create structure, momentum, and alignment quickly.
• A track record of influencing outcomes through collaboration, credibility, and thoughtful organizational leadership.
• The ability to balance strategic leadership with selective hands-on engagement in high-priority initiatives.

Nice To Haves

• advanced degree preferred
• Experience applying risk-based controls to AI use cases, including privacy safeguards, vendor oversight, auditability, and model governance, is strongly preferred.

Responsibilities

• Define and oversee governance, risk, and compliance policies for modern access, endpoint, and virtual desktop environments, including secure approaches that support bring-your-own-device and remote work models.
• Assess the organization’s current-state controls, documentation, and operating practices across relevant frameworks, including SOC 2, HIPAA, GDPR, and FDA 21 CFR Part 11. Develop the strategy, roadmap, and governance processes needed to close gaps, strengthen compliance maturity, and support ongoing audit readiness and sustained regulatory alignment.
• Develop the governance framework, risk controls, and review processes needed to support LabConnect’s transition to AI-enabled internal workflows and product capabilities. Establish practical standards for acceptable AI use, model and vendor oversight, data handling, human review, auditability, and ongoing monitoring, with particular attention to HIPAA requirements for protected health information, the NIST AI Risk Management Framework, and FDA considerations where AI functionality may affect regulated healthcare use cases.
• Establish and enhance data protection controls, including data classification, monitoring, and loss prevention practices, to reduce risk and protect sensitive information across collaboration and operational platforms.
• Evaluate and monitor the compliance and security posture of external partners, vendors, and service providers that support business-critical and regulated processes.
• Partner with technology, quality, legal, privacy, and business leaders to embed compliance, validation, and risk management into operating processes in a manner that supports both operational rigor and organizational agility.
• Align IT controls, risk management, and audit readiness with validation requirements to ensure coordinated compliance with regulations such as FDA 21 CFR Part 11.