Director of Security, GRC (Remote)

2 days, 4 hours ago
Full-time
Lead
Cybersecurity
Aledade

Aledade collaborates with independent practices, health centers, and clinics to establish and manage Accountable Care Organizations (ACOs) that prioritize primary care, enabling physicians to enhance patient care while maintaining their independence in...

Health Care Providers & Services
1K-5K
Founded 2014
$686M raised

Description

  • Build, lead, and continuously mature Aledade’s enterprise Governance, Risk & Compliance program.
  • Own and maintain the enterprise risk management framework and risk registry, including leadership and Audit Committee reporting.
  • Lead compliance certification programs for SOC 2, HIPAA, SOX/ITGC, HITRUST, and CPRA.
  • Manage external audit preparedness and execution, including evidence collection and coordination across business and technology teams.
  • Oversee the Vanta Trust platform, including continuous control monitoring, evidence automation, and Trust Center management.
  • Develop, maintain, and enforce security, privacy, and governance policies and standards.
  • Partner across Security, IT, Product, and Legal to align compliance efforts and ensure audit evidence is ready.
  • Translate regulatory and framework requirements into scalable, practical operational processes.
  • Support governance that enables innovation while protecting sensitive patient data.
  • Manage and develop a growing GRC team.

Requirements

  • 10+ years of experience in Governance, Risk, Compliance, Information Security, or related fields.
  • At least 5 years of leadership experience.
  • Strong knowledge of risk management frameworks and regulatory requirements, including SOC 2, HIPAA, SOX/ITGC, HITRUST, and CPRA.
  • Demonstrated experience preparing organizations for external audits and regulatory certifications.
  • Hands-on experience with GRC platforms such as Vanta, OneTrust, Archer, or similar tools.
  • Proven ability to design and operationalize compliance programs, policies, and evidence frameworks at scale.
  • Excellent leadership, communication, and cross-functional collaboration skills.
  • Preferred certifications include CISA, CISM, CRISC, or CISSP.
  • Deep knowledge of GRC frameworks and regulations such as NIST, ISO 27001, and AI RMF.
  • Experience growing and mentoring high-performing teams is preferred.

Benefits

  • Remote-first work environment with flexible work schedules available for many roles.
  • Health, dental, and vision insurance paid up to 80% for employees, dependents, and domestic partners.
  • Robust time-off plan with 21 days of PTO in the first year.
  • Two paid volunteer days and 11 paid holidays.
  • 12 weeks of paid parental leave for all new parents.
  • Six weeks of paid sabbatical after six years of service.
  • Educational Assistant Program and Clinical Employee Reimbursement Program.
  • 401(k) with up to 4% match plus stock options.
