Free Lead GRC (Healthcare)

Position: Lead GRC(Healthcare)

Location: Boston, MA
Job Type: Long term Contract

Job Summary:

We are seeking a highly skilled Governance, Risk, and Compliance (GRC) Lead with expertise in the healthcare industry to oversee risk management, regulatory compliance, and IT governance. This role ensures adherence to HIPAA, HITRUST, GDPR, NIST, and other healthcare regulations while driving security best practices. The GRC Lead will work closely with IT, security, legal, and compliance teams to develop and enforce policies that protect patient data and ensure regulatory compliance.

Key Responsibilities:

Governance & Strategy

• Develop and implement GRC frameworks and policies aligned with healthcare compliance standards.

• Oversee IT governance practices, ensuring alignment with business and regulatory requirements.

• Lead risk assessment programs and ensure effective risk mitigation strategies.

• Collaborate with stakeholders to integrate GRC best practices across IT and business functions.

Risk Management

• Conduct risk assessments, audits, and security evaluations to identify and mitigate vulnerabilities.

• Develop and implement incident response plans, disaster recovery (DR), and business continuity plans (BCP) to ensure operational resilience.

• Monitor and assess third-party vendors for security risks and compliance gaps.

• Work with cybersecurity teams to ensure data protection measures are effective.

Compliance & Regulatory Management

• Ensure compliance with HIPAA, HITRUST, NIST, GDPR, SOC 2, PCI-DSS, ISO 27001, and other industry regulations.

• Lead and prepare for regulatory audits and assessments conducted by external agencies.

• Develop training programs to educate employees on security, compliance, and privacy regulations.

• Maintain documentation related to policies, procedures, risk registers, and compliance reports.

Required Qualifications:

• 10+ years of experience in GRC, healthcare IT compliance, or risk management.

• Strong knowledge of HIPAA, HITRUST, NIST, GDPR, SOC 2, PCI-DSS, ISO 27001 frameworks.

• Experience with GRC tools (Archer, ServiceNow GRC, MetricStream, etc.).

• Proficiency in risk assessments, audits, policy creation, and regulatory reporting.

• Ability to work cross-functionally with legal, IT security, and compliance teams.

• Excellent communication, analytical, and leadership skills.

Preferred Qualifications:

• Certifications: CISA, CISM, CRISC, CISSP, or HITRUST Certified CSF Practitioner.

• Experience with cloud security and compliance in healthcare (AWS, Azure, GCP).

• Background in third-party risk management and vendor compliance.

Contact seller Share

Comments