Director, Governance, Risk, and Compliance

Summary

Join Innovaccer as their experienced Director of Governance, Risk, and Compliance (GRC) to lead security and compliance efforts, driving the organization's StateRAMP and FedRAMP certification goals. This highly visible role, reporting to the CISO, requires a seasoned professional with extensive experience in state and federal compliance, including standards like NIST 800-53, ISO 27001, and SOC2. The Director will develop and implement a comprehensive GRC strategy, lead audits, manage risk, and ensure regulatory adherence. Strong communication and collaboration skills are essential for this role, which involves working with cross-functional teams. The successful candidate will also manage and optimize GRC software and provide insights into ongoing control monitoring. This position offers a competitive benefits package, including generous PTO, parental leave, rewards and recognition, and comprehensive insurance.

Requirements

• Proven track record as a Director (or similar leadership role) in Governance, Risk, and Compliance
• Extensive experience in the State and Federal space, with a strong understanding of NIST 800-53, StateRAMP, and FedRAMP requirements
• Experience managing third-party risk programs
• Managing and mentoring teams
• Proficiency in managing audits for ISO 27001 and SOC2
• Expertise in GRC software and compliance tools
• Strong knowledge of cloud technologies and their compliance implications
• Exceptional leadership, presentation, and communication skills, with the ability to influence stakeholders at all levels
• Critical thinking, negotiating, and problem-solving skills
• Detail-oriented with strong analytical and problem-solving abilities
• Demonstrated ability to manage highly complex, high-stakes compliance projects

Responsibilities

• Develop and implement a comprehensive GRC strategy aligned with the organization’s objectives, particularly for StateRAMP and FedRAMP certifications
• Drive risk and compliance programs and ensure alignment with frameworks, standards and regulations
• Collaborate closely with the CISO to integrate GRC initiatives into broader security and risk management strategies
• Participate and lead in cross-organizational governance
• Lead internal and external audits, including ISO 27001, SOC2, and healthcare-specific frameworks and certifications like HIPAA and HITRUST
• Serve as the primary liaison with external audit firms and 3PAOs, ensuring successful audit outcomes
• Develop and maintain risk assessment processes to identify, mitigate, and monitor risks
• Provide guidance on emerging risks, regulatory changes, and industry trends
• Maintain compliance with frameworks and regulations including, but not limited to MARSe and CJIS data requirements, where applicable
• Manage our Third-Party Risk Management (TPRM) program
• Partner with cross-functional teams, including Security, IT, Infrastructure, Development, Legal, and Operations, to embed compliance into business processes
• Provide insights and recommendations to the CISO on regulatory changes and emerging risks
• Assess, train, and educate employees on GRC policies, procedures, and best practices
• Manage and optimize the use of GRC software to streamline compliance workflows audits and make use of a Common Controls Framework
• Provide insights into the ongoing monitoring of controls

Preferred Qualifications

• Hands-on experience with MARSe and CJIS data compliance
• Healthcare compliance experience (HIPAA, HITRUST)
• CISA, CRISC, CISM, ISO27001 LA, HITRUST Certified, and CFE
• A sense of humor

Benefits

• Enjoy a PTO benefit accrual of 22 days per year
• Experience one of the industry's best parental leave policies to spend time with your new addition
• Unlock your potential and be rewarded generously with both monetary incentives and widespread recognition for your dedication and outstanding performance
• We offer medical, dental, and vision benefits along with 100% company-sponsored short and long-term disability and basic life insurance
• Legal aid and pet insurance options are available at a discounted rate