What are the responsibilities and job description for the Senior Governance, Risk, and Compliance (GRC) Lead position at Gifthealth?
Senior Governance, Risk, and Compliance (GRC) Lead
Location: Columbus, OH
About Gifthealth
At Gifthealth, we're revolutionizing the way people experience healthcare by simplifying the process of managing prescriptions and health services. Our mission is to provide a seamless, personalized, and efficient healthcare experience for all our customers. We're a dynamic, innovative, and customer-centric company dedicated to making a positive impact on people's lives.
About the Role
The GRC Lead will oversee and enhance the organization's Governance, Risk, and Compliance framework to ensure alignment with regulatory requirements, industry best practices, and organizational objectives. The role involves leading cross-functional initiatives to mitigate risks, maintain compliance, and establish a robust risk-aware culture.
How You’ll Help Us Improve Healthcare
- Develop and implement governance frameworks, policies, and procedures to ensure organizational compliance with laws, regulations, and standards.
- Advise senior management on governance best practices and emerging trends.
- Monitor and ensure alignment between business objectives and regulatory requirements.
- Lead the development and maintenance of enterprise-wide risk management programs.
- Identify, assess, and prioritize organizational risks, and develop mitigation strategies.
- Facilitate regular risk assessments and provide detailed reports to stakeholders.
- Collaborate with departments to embed risk management into operational processes.
- Ensure compliance with applicable regulatory and legal requirements (e.g. HIPAA, ISO 27001, SOC 2).
- Act as the primary point of contact for internal and external audits.
- Lead the creation, review, and update of compliance documentation and records.
- Conduct training and awareness programs on governance, risk, and compliance topics.
- Implement and oversee GRC tools and technology to enhance program effectiveness.
- Collaborate with IT, Legal, and other departments to ensure cohesive GRC strategies.
- Monitor and report on key metrics related to governance, risk, and compliance performance.
- Grow and mentor the GRC team, fostering a culture of continuous improvement and accountability.
- Act as a trusted advisor to leadership, providing strategic recommendations on GRC-related matters.
A Few Things About You
- Bachelor’s degree in Business, Information Technology, Risk Management, or equivalent experience.
- 5 years of experience in Governance, Risk, and Compliance roles.
- Strong knowledge of regulatory frameworks and standards such as ISO 27001, HIPAA, PCI DSS, NIST, SOC 2, etc.
- Excellent understanding of enterprise risk management methodologies.
- Proficiency in GRC platforms and risk management tools.
- Strong analytical and problem-solving skills.
- Exceptional communication and stakeholder management skills.
- Strategic thinker with a detail-oriented mindset.
- Ability to navigate complex regulatory landscapes.
- Collaborative and team-oriented approach to problem-solving.
- Certifications Preferred: CISA, CISSP, and/or GRCP
Our Offer to Ensure You Choose Gifthealth
- Competitive compensation based on education, experience and performance
- Comprehensive healthcare benefits offered by Gifthealth
- Opportunity to advance a non-traditional pharmacy with a technology focus
- Freedom to collaborate with a team of healthcare experts who share the passion for improving medication accessibility and affordability