Director, Governance, Risk & Compliance

The Role:

The Director, Governance, Risk & Compliance (GRC) leads the organization's enterprise governance, risk, and compliance program, partnering closely with the CISO to strengthen security, regulatory compliance, and risk management across a multi-brand healthcare organization. This role is responsible for building and maturing GRC frameworks, leading enterprise risk and compliance initiatives, overseeing audit readiness, and driving data governance, third-party risk management, vulnerability management, and security awareness programs that support organizational growth and regulatory requirements.

Primary Responsibilities

• Develop and execute the enterprise GRC strategy, establishing governance, risk, and compliance frameworks aligned with ISO 27001, NIST, SOC 2, HIPAA, HITECH, and other applicable standards.
• Lead enterprise risk management, audit readiness, and compliance activities by maintaining risk registers, coordinating assessments, managing regulatory audits, and delivering executive reporting.
• Build and oversee enterprise programs for data governance, vulnerability management, third-party risk management, and security awareness, ensuring scalable processes and organizational adoption.
• Partner with Legal, IT, business leaders, and external stakeholders to strengthen privacy, regulatory compliance, policy development, and enterprise security practices across all brands.
• Lead and develop the GRC function by establishing operating models, building team capabilities, implementing governance processes, and driving continuous improvement initiatives.

This is a hybrid position, coming into the office 1x/quarter.

What You Bring to the Table:

Qualifications

• Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business, or a related field required; advanced degree preferred.
• 10+ years of progressive experience in governance, risk, and compliance, including leadership of enterprise GRC programs or teams.
• Deep expertise in ISO 27001, NIST Cybersecurity Framework, NIST 800-series, SOC 2 Type II, HIPAA, HITECH, and enterprise risk management frameworks.
• Proven experience building or significantly maturing GRC programs, including risk frameworks, compliance processes, audit management, and policy development within complex, multi-entity organizations.
• Demonstrated experience managing enterprise audits, regulatory compliance, control mapping across multiple frameworks, and executive risk reporting.
• Professional certifications such as CISSP, CISA, CRISC, CISM, or HITRUST CCSFP preferred; experience with HITRUST, GRC platforms (Drata, ServiceNow GRC, OneTrust, Archer), healthcare compliance, or PE-backed organizations is highly desirable.

Skills

• Governance and risk management
• Regulatory compliance
• Audit and control management
• Data governance
• Policy development
• Executive communication
• Cross-functional leadership
• Strategic planning

24 Hour Home Care is an Equal Opportunity Employer that is proud of its culture of diversity and inclusion. Individuals seeking employment are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. Additionally, 24 Hour Home Care will consider qualified candidates with criminal histories in a manner consistent with the law.

By completing this application, you are providing consent to receiving text messages from 24 Hour Come Care and associated vendors at the phone numbers provided. Message and data rates may apply.

The expected California Pay Range for this position: