GRC Engineer on the security team, strengthening governance, risk, and compliance programs. Collaborating with technical security engineers to protect customer data.
Responsibilities
Own compliance programs including ISO 27001 and SOC 2, coordinating audits, managing evidence collection, and maintaining certifications
Implement and manage a GRC automation platform (Drata, Vanta, or similar) to streamline compliance workflows and continuous monitoring
Develop and refine security policies and procedures that meet regulatory requirements while remaining practical for engineering teams
Assess risks across production, non-production, and QA environments, prioritizing security initiatives based on business impact and compliance obligations
Bridge technical and business stakeholders by translating security requirements into language appropriate for different audiences
Manage vendor security assessments and third-party risk reviews in partnership with procurement and legal teams
Develop metrics and reporting that give leadership visibility into compliance status and risk landscape
Requirements
Strong hands-on experience with AWS environments and cloud security controls (EC2, IAM, CloudTrail, Config, Security Hub, etc.)
Scripting skills in Python, Bash, or similar languages to automate compliance tasks and evidence collection
Proven experience implementing and managing GRC automation tools such as Drata, Vanta, or similar platforms
Understanding of compliance frameworks like ISO 27001, SOC 2, GDPR, and CCPA (formal audit experience not required)
Comfort reading technical documentation and collaborating with engineering teams
Strong project management skills with ability to manage multiple compliance initiatives simultaneously
Clear communication skills for both technical and non-technical audiences
Technical background preferred over traditional audit experience
Certifications like AWS Security Specialty, CRISC, CISA, or CISSP a plus
Director of Governance, Risk & Compliance overseeing technology and AI compliance at MTM Health. Leading regulatory alignment and governance for cloud and software development in a healthcare context.
Regulatory Affairs Specialist implementing strategies for pharmaceutical compliance and ensuring adherence to global regulations. Collaborating with cross-functional teams to support product development and licensing.
Senior Regulatory Strategy Specialist ensuring regulatory compliance of pharmaceutical products. Collaborating with cross-functional teams to support product development.
Senior EHS Manager responsible for compliance audits and initiatives in Watts Industries' manufacturing locations. Monitoring regulatory changes and collaborating with teams to maintain EHS standards.
Director of Compliance and Risk at Voyager Asset responsible for managing risk and compliance policies. Ensuring investment integrity and adherence to regulations in a fast-paced environment.
Compliance Readiness Manager providing expert compliance support and ensuring adherence to regulations in Group Payments. Overseeing compliance readiness and driving initiatives for continuous improvement.
Vice President leading PCI governance, risk, and compliance for Synchrony. Collaborating cross-functionally to ensure PCI compliance and mitigate risks within the organization.
Director of Promotional Regulatory Affairs at AstraZeneca overseeing FDA compliance and regulatory strategy development. Collaborating with cross-functional teams to ensure promotional materials meet standards.
ITGC Compliance Manager at BAT overseeing compliance with IT General Controls within the Digital Business Solutions. Supporting management to improve compliance measures and coordinate with stakeholders.
Regulatory Affairs Specialist ensuring compliance for Class III and IV medical devices in Brazil. Collaborating within a LATAM matrix structure to provide regulatory guidance and support.