JobMesh

Director of Security, GRC (Remote)

Aledade · US

Job description

Aledade is seeking a Director of Governance, Risk & Compliance (GRC) to lead and scale our enterprise GRC program. Reporting directly to the Chief Information Security Officer (CISO), this role is responsible for building out a cohesive framework for risk management, compliance, and certifications while ensuring that security, privacy, and governance practices align with regulatory, contractual, and audit expectations. The Director will manage a growing team (currently two direct reports) and own Aledade’s risk program, GRC platforms (including Vanta), and policy framework. This leader will be accountable for driving compliance certifications (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA), partnering across Security, IT, Product, and Legal to ensure evidence is ready for external audits, and ensuring governance enables both innovation and protection of sensitive patient data.

Primary Duties:

- Build, lead, and continuously mature Aledade’s Governance, Risk & Compliance program.
- Own and maintain the enterprise risk management framework and risk registry, facilitating reviews and reporting to leadership and the Audit Committee.
- Lead Aledade’s compliance certification programs, including...