Director of Security, GRC (Remote) at Aledade
Work type: remote
Location: Remote, United States
Type: Full-time
Summary
You're a seasoned leader with over 10 years in Governance, Risk, and Compliance, including at least 5 years managing teams. You have a strong grasp of various risk management frameworks and regulatory requirements and are comfortable working with GRC platforms.
**What makes it worth a look...**
Aledade, a fully remote company in the United States, is looking for a Director of GRC to build out their enterprise-wide program. You'll report to the CISO and manage a team, owning the risk program, GRC platforms, and policy framework.
**You might be a good fit if you...**
* Have hands-on experience with GRC platforms like Vanta.
* Have led compliance certifications for SOC 2, HIPAA, SOX/ITGC, HITRUST, or CPRA.
* Are skilled in preparing organizations for external audits.
* Possess certifications such as CISA, CISM, CRISC, or CISSP.
Job Description
Aledade is seeking a Director of Governance, Risk & Compliance (GRC) to lead and scale our enterprise GRC program. Reporting directly to the Chief Information Security Officer (CISO), this role is responsible for building out a cohesive framework for risk management, compliance, and certifications while ensuring that security, privacy, and governance practices align with regulatory, contractual, and audit expectations.
The Director will manage a growing team (currently two direct reports) and own Aledade’s risk program, GRC platforms (including Vanta), and policy framework. This leader will be accountable for driving compliance certifications (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA), partnering across Security, IT, Product, and Legal to ensure evidence is ready for external audits, and ensuring governance enables both innovation and protection of sensitive patient data.
## Primary Duties:
- Build, lead, and continuously mature Aledade’s Governance, Risk & Compliance program.
- Own and maintain the enterprise risk management framework and risk registry, facilitating reviews and reporting to leadership and the Audit Committee.
- Lead Aledade’s compliance certification programs, including SOC 2, HIPAA, SOX/ITGC, HITRUST, and CPRA.
- Manage audit preparedness and execution for external assessments, ensuring evidence collection and readiness across business and technology teams.
- Oversee the Vanta Trust platform, including continuous control monitoring, automation of evidence gathering, and Trust Center management.
- Develop and enforce policies and standards, ensuring clarity, adoption, and alignment with frameworks such as NIST, ISO 27001, HIPAA, and AI RMF.
## Minimum Qualifications:
- 10+ years of experience in Governance, Risk, and Compliance, Information Security, or related fields, with at least 5 years in leadership roles.
- Strong knowledge of risk management frameworks and regulatory requirements, including SOC 2, HIPAA, SOX/ITGC, HITRUST, and CPRA.
- Demonstrated experience preparing organizations for external audits and regulatory certifications.
- Hands-on experience with GRC platforms (e.g., Vanta, OneTrust, Archer, or similar).
- Proven ability to design and operationalize compliance programs, policies, and evidence frameworks at scale.
- Excellent leadership, communication, and cross-functional collaboration skills.
- Preferred: CISA, CISM, CRISC, or CISSP certifications.
## Preferred Knowledge, Skills and/or Abilities:
- Deep knowledge of GRC frameworks and regulations (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA, NIST, ISO 27001).
- Strong program management and audit readiness skills, including policy development, evidence collection, and external audit coordination.
- Skilled in leveraging GRC platforms (e.g., Vanta, OneTrust) to automate compliance and streamline controls monitoring.
- Proven leadership and people development abilities, with experience growing and mentoring high-performing teams.
- Excellent collaboration and communication skills, with the ability to influence executives, engineers, and auditors.
- Ability to balance compliance requirements with innovation, translating regulations into scalable, practical processes.