Lead GRC Consultant

GAVS Technologies
Boston, MA Full Time
POSTED ON 3/26/2025
AVAILABLE BEFORE 4/24/2025

Job Title: Governance, Risk, and Compliance (GRC) Lead - Healthcare

This position is onsite 4 days a week.

Location: Boston, MA

Department: Information Security
Position Overview:

We are seeking a highly skilled and experienced Governance, Risk, and Compliance (GRC) Lead with in-depth knowledge of US healthcare regulations, including HIPAA, HITRUST, and other related compliance frameworks. The ideal candidate will be responsible for managing and overseeing the organization's GRC initiatives, including third-party risk assessments, and working closely with the Compliance, Legal, and Security teams to ensure our processes and policies align with industry standards and regulatory requirements. This is a leadership position with a critical role in protecting the organization's data, mitigating risks, and ensuring we meet all compliance requirements, especially regarding third-party relationships.
Key Responsibilities:

Lead GRC Program Development & Execution:
  • Develop, implement, and manage a comprehensive GRC program focused on healthcare regulations such as HIPAA, HITRUST, and other relevant frameworks.
  • Ensure that policies, procedures, and controls are aligned with industry standards and meet regulatory requirements.
  • Regularly assess and update the GRC framework in response to evolving regulations and risks.

HIPAA & HITRUST Compliance Management:
  • Oversee the organization's compliance with HIPAA Privacy, Security, and Breach Notification Rules, ensuring that the company maintains an active, compliant posture.
  • Lead HITRUST assessments and certification processes, working with cross-functional teams to ensure timely completion and reporting.
  • Collaborate with the Compliance team to conduct internal audits and assessments to monitor adherence to healthcare data protection standards.

Risk Management & Mitigation:
  • Identify, assess, and manage risk related to IT security, privacy, and data protection in the healthcare industry.
  • Conduct risk assessments to evaluate existing vulnerabilities and propose actionable mitigation strategies.
  • Oversee the development of risk mitigation plans and ensure successful implementation in collaboration with the IT, Security, and Compliance teams.

Third-Party Risk Management:
  • Develop, implement, and manage the organization's third-party risk assessment framework to ensure compliance with applicable healthcare regulations and security standards.
  • Conduct third-party risk assessments to evaluate and mitigate risks posed by external vendors, contractors, and service providers handling sensitive data or interacting with the organization's systems.
  • Work with procurement, legal, and compliance teams to ensure that third-party contracts include appropriate security and privacy clauses.
  • Manage the third-party audit process, ensuring that third-party vendors meet the company's compliance, security, and privacy standards.
  • Establish and maintain an ongoing third-party risk monitoring program, ensuring continuous evaluation of vendor compliance and performance.

Collaboration with Compliance Teams:
  • Work closely with the Compliance team to ensure alignment between GRC and regulatory requirements (e.g., CMS, OCR audits, etc.).
  • Support the Compliance team in preparing for regulatory audits and investigations by ensuring that all necessary documentation and controls are in place.
  • Provide subject matter expertise on healthcare compliance regulations, helping to interpret, apply, and ensure the organization remains compliant with applicable rules.

Incident Response & Breach Management:
  • Develop and implement incident response strategies for security breaches or compliance violations.
  • Manage HIPAA breach reporting and assist in any required breach notifications and follow-up actions.
  • Coordinate with legal and compliance teams to ensure timely and accurate reporting to regulatory bodies (e.g., OCR, state authorities).

Training & Awareness:
  • Develop and deliver regular GRC training programs for staff, ensuring they are aware of compliance requirements, risk management strategies, and security best practices.
  • Foster a culture of compliance across the organization by promoting awareness of GRC principles among staff.

Continuous Improvement:
  • Stay current with changes in healthcare regulations, industry standards, and emerging trends in cybersecurity and compliance.
  • Propose and implement improvements to internal GRC processes to enhance the organization's overall security and compliance posture.

Reporting & Documentation:
  • Prepare and present regular reports to executive leadership on the status of GRC programs, third-party risk assessments, risk assessments, audit results, and compliance posture.
  • Maintain and manage documentation related to compliance, policies, third-party risk assessments, risk management, and audit findings.

Required Qualifications:

Education:
  • Bachelor's degree in Information Security, Computer Science, Healthcare Administration, Business, or related field. A Master's degree or equivalent certifications (CISSP, CISM, CISA, CRISC, or similar) is a plus.

Experience:
  • Minimum of 5-7 years of experience in Governance, Risk, and Compliance (GRC) management, ideally in a healthcare environment.
  • Strong experience working with HIPAA, HITRUST, and other healthcare-related compliance frameworks.
  • Proven track record of leading GRC programs and collaborating closely with Compliance, Legal, IT, and Security teams.
  • Experience in risk management, data protection, privacy, and security within a healthcare organization.
  • Experience in third-party risk assessment processes, including vendor due diligence, vendor management, and ongoing third-party risk monitoring.
  • Familiarity with CMS, OCR audits, and other regulatory frameworks.

Technical Expertise:
  • In-depth understanding of information security, risk management, and compliance technologies.
  • Strong knowledge of healthcare IT systems, electronic health records (EHR), and protected health information (PHI).
  • Proficiency in GRC tools and platforms (e.g., ServiceNow, RSA Archer) is preferred.

Desired Skills:

Strong Communication Skills:
  • Ability to communicate complex technical and compliance concepts to non-technical stakeholders.
  • Proven ability to lead cross-functional teams and influence without direct authority.

Problem-Solving and Analytical Thinking:
  • Excellent problem-solving skills and the ability to think critically and strategically about GRC and risk management.

Attention to Detail:
  • Exceptional attention to detail with an ability to manage multiple projects simultaneously.

Leadership & Team Collaboration:
  • Ability to manage and mentor teams, work across multiple departments, and influence a culture of compliance and security.