💼 About This Role

You'll lead and scale the GRC program at a fast-growing AI startup, owning audit relationships and compliance roadmaps across SOC 2, HIPAA, and PCI. Your work will directly influence critical compliance timelines and enable the company to enter new markets with confidence. This role offers high visibility with cross-functional leadership and executive exposure.

🎯 What You'll Do

• Lead company-wide GRC program across SOC 2, HIPAA, PCI, HITRUST
• Manage external audit relationships and evidence collection
• Oversee vendor risk management and third-party due diligence
• Drive security policy framework creation and adoption

📋 Requirements

• 8+ years in Governance, Risk, and Compliance or related field
• 3+ years in a leadership or program ownership role
• Deep expertise across SOC 1/2, PCI, HIPAA, ISO frameworks
• Proven track record managing end-to-end audit programs

✨ Nice to Have

• Experience building or scaling a GRC function
• Strong understanding of vendor risk management
• Excellent cross-functional influencing skills with Legal and Engineering

🎁 Benefits & Perks

• 📈 Equity in the company
• 🏥 Medical, Dental, Vision premiums covered at 100%
• 🍼 Fully paid parental leave
• 🚗 Commuter benefits and 401k
• 🏖️ Unlimited vacation and paid holidays

📨 Hiring Process

Estimated timeline: 2-4 weeks

1. 1Recruiter Call· 30 min
2. 2Hiring Manager Interview· 60 min
3. 3Technical/Behavioral Panel· 60 min
4. 4Executive Interview· 45 min

🚩 Heads Up

• Requires 4-5 days in office but only 8+ years experience for a director level role may be mismatched
• No tech stack mentioned yet GRC role may need familiarity with security tools