Oura

Staff, Governance, Risk, Compliance (GRC)

New York, New York, United States

Compensation: Not Specified
Experience Level: Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Health Technology, Wearable Technology, Security

Requirements

Candidates should have over 7 years of experience in Governance, Risk, and Compliance (GRC), IT compliance, security, or risk management, with proven leadership in cross-functional projects. Deep expertise in frameworks like SOC 2, HIPAA, HITRUST, NIST 800-171, ISO 27001, ISO 27799, CMMC, and FedRAMP is required. Familiarity with IT and cloud environments (AWS, GCP), security controls, compliance automation tooling, and a strong background in leading risk assessments, compliance audits, and executive-level reporting are necessary. Preferred certifications include CGRC, CISA, CRISC, CISSP, or equivalent. A leadership presence with the ability to influence, communicate, and drive alignment across technical and non-technical stakeholders is essential.

Responsibilities

The Staff GRC professional will lead strategic GRC initiatives end-to-end, including achieving and maintaining industry certifications. They will develop, implement, and oversee security and compliance policies, ensuring integration into business operations. This role involves partnering with Product, Engineering, and Privacy teams to embed security and compliance by design into new features and processes. Responsibilities also include anticipating and interpreting regulatory changes, leading risk assessments and mitigation strategies, overseeing audit readiness and execution, and mentoring peers to foster a company-wide culture of compliance and risk awareness.

Skills

Governance
Risk
Compliance
SOC 2
HIPAA
ISO 27001
ISO 27799
HITRUST
NIST 800-171
CMMC
FedRAMP
Risk Management
Policy Development
Security Programs
Compliance Frameworks

Oura

Wearable health monitoring smart ring

About Oura

Oura offers a smart ring that tracks various health metrics, including sleep patterns, heart rate variability, and physical activity. The ring uses advanced sensors to collect data, which is then analyzed and displayed through a mobile app, providing users with insights to improve their health and lifestyle. Unlike many competitors, Oura focuses on a direct-to-consumer model, selling its rings through its website and collaborating with sports teams and health institutions for additional partnerships. The goal of Oura is to help users, including athletes and those with health conditions, optimize their health through data-driven insights.

Headquarters: Oulu, Finland
Year Founded: 2013
Total Funding: $344.1M
Company Stage: Series D
Industries: Biotechnology, Healthcare
Employees: 501-1,000

Benefits

Competitive salary & equity packages
Health, dental, financial, & vision insurance
Wellness & mental health benefits
$300 per month health improvement related stipend
Flexible working hours
An Oura Ring of your own
Employee discount for friends & family
20 days of PTO

Risks

Increased competition from Samsung and Huami may pressure Oura's market share.
Criticism of cumbersome interfaces could lead users to competitors like VIV Health.
High valuation may lead to investor pressure for rapid growth, risking strategic missteps.

Differentiation

Oura's smart ring tracks over 20 biometrics, offering comprehensive health insights.
The ring's seamless wearability and precise monitoring set it apart in the market.
Oura's partnerships with sports teams validate its utility and accuracy for athletes.

Upsides

Oura raised $550M, boosting its valuation to $5.2 billion in 2024.
Integration with AI-driven insights could enhance personalized health recommendations.
Strategic partnerships with Dexcom and Essence Healthcare expand market reach into healthcare.
