Aledade

Director of Security, GRC (Remote)

United States

Compensation: Not Specified
Experience Level: Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Healthcare Technology, Information Technology

Requirements

Candidates must possess over 10 years of experience in Governance, Risk, and Compliance (GRC), Information Security, or related fields, with a minimum of 5 years in leadership roles. A strong understanding of risk management frameworks and regulatory requirements, including SOC 2, HIPAA, SOX/ITGC, HITRUST, and CPRA, is essential. Demonstrated experience in preparing organizations for external audits and regulatory certifications, along with hands-on experience with GRC platforms like Vanta, is required. A proven ability to design and operationalize compliance programs, policies, and evidence frameworks at scale is necessary, as are excellent leadership, communication, and cross-functional collaboration skills. Preferred qualifications include CISA, CISM, CRISC, or CISSP certifications.

Responsibilities

The Director of GRC will lead and mature the enterprise GRC program, owning the risk management framework and registry, and facilitating leadership and Audit Committee reviews. They will oversee compliance certification programs (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA), manage audit preparedness and execution, and ensure evidence collection readiness across teams. This role involves overseeing the Vanta Trust platform for control monitoring and evidence automation, and developing/enforcing policies and standards aligned with frameworks like NIST and ISO 27001. The Director will also manage a growing team and ensure security, privacy, and governance practices align with regulatory and contractual expectations.

Skills

Governance
Risk Management
Compliance
Information Security
GRC Platforms
Vanta
Policy Framework
Risk Management Framework
Risk Registry
Compliance Certifications
SOC 2
HIPAA
SOX/ITGC
HITRUST
CPRA
Audit Preparedness
NIST
ISO 27001
AI RMF
Team Leadership

Aledade

Supports independent primary care practices

About Aledade

Aledade operates in the primary care sector, focusing on supporting independent primary care practices. The company provides these practices with essential support and data to help them navigate the challenges of the changing healthcare landscape. Aledade offers personalized, on-the-ground assistance, ensuring that practices have timely access to the right data to improve the quality of care they deliver to their communities. Additionally, Aledade has developed a proprietary technology application that gives practices insights about their patients, further enhancing their care capabilities. Unlike many competitors, Aledade is dedicated to the success of independent practices, making it the largest network of its kind in the nation. The company's goal is to empower these practices to thrive and provide high-quality care through its support services and technology.

Headquarters: Bethesda, Maryland
Year Founded: 2014
Total Funding: $662M
Company Stage: Series F
Industries: Enterprise Software, Healthcare
Employees: 1,001-5,000

Risks

Increased competition from platforms like Privia Health threatens Aledade's market share.
Integration challenges from acquiring Medical Advantage may disrupt operations in Michigan.
Rapid technological advancements require continuous updates to Aledade's technology platform.

Differentiation

Aledade partners with independent primary care physicians to create Accountable Care Organizations.
The company offers a proprietary technology platform for timely patient insights.
Aledade provides personalized, on-the-ground support to enhance care quality.

Upsides

Aledade's acquisition of Medical Advantage expands its presence in Michigan significantly.
The rise of telehealth creates new opportunities for Aledade's primary care practices.
Aledade's focus on value-based care aligns with increasing demand for ACOs.
