GRC Lead at Thirty Madison
Thirty Madison is building the premier healthcare company for people with chronic health issues. Through our novel approach to care delivery, powered by our proprietary platform and brands built around specific chronic conditions, we combine the best of specialist-level healthcare with the convenience of telemedicine.
In just three years, we’ve built four brands on top of our platform: Keeps (for men’s hair loss), Cove (for migraine), Evens (for GI conditions), and our newest brand, Picnic (for allergies). We’re growing rapidly, recently raised a $140m Series C, and are backed by some of the best healthcare and consumer investors, including HealthQuest Capital, Mousse Partners, Bracket Capital, Polaris Partners, Johnson & Johnson, Maveron, Northzone, among others.
This year, we are honored to be included on Built In's 2021 list of Best Places To Work in New York City and Best Midsize Companies To Work For. This recognition is a true testament to our hardworking team and company culture. As we continue to grow, we pride ourselves on finding passionate individuals who truly embody our core values and mission each and every day.
The role / What’s the opportunity?
Thirty Madison is transforming the way patients care for their chronic conditions. To do that, we put our patients first. This is a chance to build it right from the ground up and help us leapfrog beyond our competition.
This role reports to our CISO.
Responsibilities / What will I be doing? / You will…
- Build and manage Thirty Madison’s compliance program for both regulatory and sales enablement.
- Help us operationalize compliance with key frameworks such as HIPAA, SOC2/HiTrust, CCPA/GDPR, and SOX.
- Establish/Maintain a GRC roadmap that is aligned with business needs.
- Collaborate with stakeholder teams (engineering, product, sales, legal) to help support practical and scalable outcomes.
- In close partnership with control owners, translate control remediation opportunities into business-enabling processes and standards.
Qualifications / What skills do I need? / You’ll be successful in this role if you have…
- You have a working understanding of regulatory regimes and have leveraged and implemented common control mappings (e.g. GDPR, CCPA, FedRAMP/NIST 800-53, HIPAA, ISO 27001, PCI DSS, HITRUST).
- You have successfully served as a liaison for the organization and third parties (e.g. auditors, HHS OCR) in the capacity of managing risk assessment and audit lifecycles.
- Strong desire to take ownership of problems and act on them independently in a rapidly evolving environment.
- A continual desire to inform, evangelize and educate others through strong written and verbal communications.
Nice to haves / Bonus Points
- You have a background in systems, software or IT administration and have been responsible for the implementation of technical security controls.
- You’ve managed a cloud first continuous monitoring program.
Benefits
- Competitive salary packages and career development opportunities
- 100% coverage on many health, dental, and vision insurance plans
- 401k with a match, commuter benefits, and FSA
- Budget for the technology tools you need — whether it’s a laptop, monitor, or special software
- Annual $750 vacation stipend and $750 wellness allowance
We are proud to be an equal opportunity workplace committed to building a team culture that celebrates diversity and inclusion.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions. Please contact us to request accommodation.