Director of Security, GRC

Aledade
Governance | Remote | Full-time

Aledade is hiring for the role of Director of Security, GRC, Remote. This is a Governance role in the governance, risk, and compliance field. Review the full details below and apply directly with Aledade.

Organization: Aledade
Location: Remote
Workplace: Remote
Focus: Governance
Posted: Jun 13, 2026

This is a remote Governance role. Remote governance, risk, and compliance hiring has grown as organizations extend compliance, risk, and AI oversight across distributed teams, which widens the candidate pool beyond any single metro.

Aledade, a public benefit corporation operating the largest network of independent primary care in the country, is seeking a Director of Governance, Risk & Compliance (GRC) to lead and scale its enterprise GRC program. Reporting directly to the CISO, this role builds out a cohesive framework for risk management, compliance, and certifications while ensuring security, privacy, and governance practices align with regulatory, contractual, and audit expectations.

The Director manages a growing team and owns Aledade's risk program, GRC platforms (including Vanta), and policy framework. The leader is accountable for driving compliance certifications (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA), partnering across Security, IT, Product, and Legal to ensure evidence is ready for external audits, and ensuring governance enables both innovation and protection of sensitive patient data.

Key duties include owning the enterprise risk management framework and risk registry with reporting to leadership and the Audit Committee, leading audit preparedness and execution, overseeing the Vanta Trust platform, and developing policies aligned with NIST, ISO 27001, HIPAA, and the AI RMF.

Qualifications

  • 10+ years of experience in GRC, Information Security, or related fields, with at least 5 years in leadership roles
  • Strong knowledge of risk frameworks and regulatory requirements including SOC 2, HIPAA, SOX/ITGC, HITRUST, and CPRA
  • Demonstrated experience preparing organizations for external audits and regulatory certifications
  • Hands-on experience with GRC platforms (e.g., Vanta, OneTrust, Archer)
  • Preferred: CISA, CISM, CRISC, or CISSP certifications