Governance, Risk, and Compliance Officer – Part-Time
Posted 2026-05-05
Remote, USA
Full-time
Immediate Start
Job Description:
- Own SOC 2 and HIPAA programs end-to-end
- Manage auditor relationships and streamline evidence collection
- Maintain continuous audit readiness via Drata
- Improve audit efficiency
- Own vendor compliance intake (BAAs, DPAs, security reviews)
- Build and maintain a centralized vendor registry with PHI exposure mapping
- Establish fast, repeatable onboarding processes
- Partner with Engineering on vendor security assessments
- Audit and remediate ~30 existing policies with outdated ownership structures
- Replace “phantom roles” (e.g., Security Officer) with real owners
- Establish a meaningful policy review cadence
- Draft new policies (data retention, vendor management, access controls)
- Own and operate Drata (controls, evidence, personnel tasks)
- Manage Trust Center accuracy and external posture
- Handle customer security questionnaires
- Support Sales with compliance documentation for enterprise deals
- Document PHI data flows and system boundaries
- Support incident response from a compliance perspective
- Stay current on HIPAA and regulatory developments
Requirements:
- 5+ years in GRC, security compliance, or related roles (startup experience strongly preferred)
- Deep experience with SOC 2 and HIPAA (hands-on ownership, not advisory)
- Strong familiarity with vendor risk management, BAAs, DPAs, and audits
- Experience with tools like Drata or similar compliance platforms
- Ability to operate independently in a fractional, high-ownership role
- Strong judgment: able to make pragmatic tradeoffs rather than over-engineer
Benefits:
- Competitive salary and equity in a high-growth company
- Opportunity to make an immediate impact
- Medical, dental, and vision coverage
- Unlimited paid time off
- Company-sponsored annual retreats
- 401(k) plan to support your long-term financial goals
- Commuter stipend for San Francisco-based employees