Director of Governance, Risk and Compliance (GRC)
About Ro
Ro is the healthcare technology company building a patient-centric healthcare system. Ro’s vertically integrated primary care platform powers a personalized, end-to-end healthcare experience from diagnosis, to delivery of medication, to ongoing care. With a nationwide provider network, in-home care API, and proprietary pharmacy distribution centers, Ro seamlessly connects telehealth, diagnostics, and pharmacy services to provide high-quality, affordable healthcare without the need for insurance. Since 2017, Ro has facilitated more than six million digital healthcare visits in nearly every county in the United States, including 98% of primary care deserts. Visit Ro.co for more information.
Ro was named #2 in Wellness on Fast Company’s 2019 list of the World’s Most Innovative Companies, listed by Inc. Magazine as a Best Place to Work in 2020, and earned its Great Place to Work Certification in 2020.
The Director of GRC will lead the team responsible for developing and maintaining Ro's risk management and information security management system (ISMS) programs, focused on ensuring the confidentiality, integrity and availability of healthcare operations. This role will strengthen Ro's compliance program to ensure continued adherence to state and federal regulatory requirements. It reports directly to the Chief Information Security Officer and works closely with Ro's other internal security teams.
What you'll do:
- Oversee our implementation of the NIST framework while providing evidence to satisfy HIPAA, SOC and ISO27001 compliance requirements
- Coordinate with internal teams to improve existing processes and create new ones governing risk assessments, business impact analysis, the third-party risk program and the data lifecycle management program
- Develop and maintain an Information Security Education program that effectively incentivizes secure actions. Add to the security DNA of our organization
- Coordinate with vendors to perform internal and external audits (e.g. HITRUST, SOC, ISO27001). Gather and provide evidence to support all
What you'll bring:
- 5-8 years performing GRC analysis functions, including 3 years in a team leadership role
- Minimum 3 years operating within the healthcare industry vertical
- Preferred: ISACA Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC)
- Preferred: ISC2 HealthCare Information Security and Privacy Practitioner (HCISPP) or Certified Information Systems Security Professional (CISSP), or CompTIA Advanced Security Practitioner (CASP+)
- Ability to translate technical risk into quantitative business risk
- Ability to draft and deliver strategic risk presentations to key stakeholders, including non-technical personnel
Benefits + Perks:
- Full medical, dental, and vision insurance + OneMedical membership
- Healthcare and Dependent Care FSA
- Commuter benefits
- 401(k)
- Flexible PTO
- Fitness reimbursement
- Paid maternity/parental leave
We welcome qualified candidates of all races, creeds, genders, and sexuality to apply.