Director of Governance and Compliance

Summary

Join Flywheel's dynamic Regulatory Affairs team as the Director of Governance and Compliance. Lead the development and implementation of a comprehensive Compliance and Privacy framework aligned with business objectives and regulatory standards. This critical role ensures compliance with state, federal, and international regulations, effectively managing organizational risk. You will partner with the Director of Information Security, collaborate cross-functionally, and advise business unit leadership on regulatory matters. Flywheel offers a comprehensive benefits package and encourages a balanced work-life integration. The ideal candidate possesses extensive experience in regulatory compliance, particularly within healthcare or technology.

Requirements

• Minimum of 5-7 years of experience in regulatory compliance, preferably with healthcare or technology related industry
• Proven track record of developing, implementing, and overseeing governance frameworks and programs in a complex, multi-regulatory environment
• A strong understanding of IT security standards, privacy laws, and compliance regulations
• Detail Oriented, with a proven ability to spot inconsistencies or potential issues in a complex regulatory environment
• Strong analytical skills to assess compliance risks and develop effective mitigation strategies
• Proactive in identifying potential compliance issues and devising solutions before they escalate
• Deep knowledge of industry-specific regulations, standards, and best practices
• Proficient in using compliance management software and tools
• Familiarity with information security practices and how they intersect with compliance requirements
• Excellent project management and communication skills, including expertise in presenting complex regulatory frameworks to various audiences

Responsibilities

• Maintain a clear understanding of business activities and all applicable and changing state, federal, and international laws and regulations
• Serve as the organizations SME to ensure regulatory practices are built into business unit initiatives for the entire development lifecycle
• Identify, plan, and prioritize organizational compliance and privacy activities based on risk and manage according to a prescribed cycle (e.g., through the development of the annual compliance plan)
• Manage compliance efforts across the organization, ensuring adherence to laws, regulations, and standards such as GDPR, 21 CFR Part 11, HITRUST, ISO 27001, HIPAA, and AI Frameworks
• Assist with preparing the Regulatory Affairs Departmental briefing for Executive Committee, Board of Directors, and Compliance Committees
• Develop and maintain the organizations GRC, policies and procedures, ensuring they align with business objectives and regulatory requirements
• Serve as a trusted advisor with business unit leadership and translate regulatory requirements into business unit initiatives and priorities
• Develop and implement the Flywheel Compliance, Risk, and Privacy Framework with plans to enable effective and resilient business services, architectures, and processes ensuring the company adheres to all relevant laws, standards, and regulatory requirements
• Collaborate with cross-departmental business unit stakeholders to integrate compliance and risk management into the security and compliance program organization-wide
• Lead the company-wide Enterprise Risk Management program, working closely and cross-functionally with other operational departments -- Product, Engineering, Business Operations, Sales, Support, Legal, and Human Resources -- to develop strategies to identify, evaluate, and mitigate risks and ensure on-going risk assessment and monitoring
• Oversee Internal and External Audit Assessments to evaluate compliance with internal policies, regulatory requirements, and contractual obligations
• Lead Third-Party Supplier Management Risk Assessments and program ensuring alignment with business objectives and organizational risk tolerances
• Manage supply chain management processes, including vendor assessments, due diligence, and ongoing monitoring
• Comply with company policies, including security, confidentiality, and data protection requirements, to maintain a secure work environment

Preferred Qualifications

Advanced education or certification indicating a deeper understanding of compliance and regulatory affairs and a commitment to professional development

Benefits

• Flywheel has a comprehensive benefits package
• Encourages a balanced work life and home life