Director, Governance, Risk, & Compliance

Director, Governance, Risk, & Compliance

Are you looking for a high energy, strategic, and fast-paced position as a Director, Governance, Risk, & Compliance? Join Relias, the company changing lives throughout the world by helping healthcare organizations improve their clinical and financial outcomes! For 11,000+ health care and human service organizations, Relias helps clients deliver better clinical and financial outcomes by elevating the performance of teams. We help organizations across the continuum of care get better at maintaining compliance, developing staff and promoting consistent, high-quality care. Our platform employs assessments to reveal specific gaps in skills and addresses them with personalized and engaging learning, choosing from 7,000+ online courses that meet accrediting board, state and federal requirements. We are passionate about our products and our clients; what we deliver and the impact we have on the world is truly something you can be proud to represent. Join us and make a difference.

WHAT CAN RELIAS OFFER YOU?

• Fantastic health and wellness benefits package, including an outstanding 401k match, a flexible PTO program, and a generous and inclusive parental leave policy.
• Additionally, Relias pays for the employee portion of the monthly healthcare premium!
• Flexible work environment with onsite and work from home options – you choose when you want to come into the office!
• Active Employee Resource Groups open to all employees!
• Comprehensive onboarding program – a great introduction to our company, customers and culture!
• Growth and career advancement opportunities! Promotes internal mobility and career growth aligned with evolving business needs
• Multiple development program options – leadership development, professional development curriculums, and Nanodegree options in both technology and data science
• Professional development gained from conference attendance and participation in organizations like NC Tech
• Onsite 321 Coffee Shop providing free coffee and pastries to employees

The Director of (Cyber) Governance, Risk & Compliance (GRC) is a cyber leadership role responsible for establishing, operationalizing, and continuously maturing the organization's cybersecurity governance, risk management, and compliance programs in alignment with enterprise strategy and regulatory obligations. This role provides strategic oversight of policy development, risk assessment and treatment, internal controls, third-party risk management, audit readiness, and regulatory engagement. The Director partners closely with security architecture, security operations, legal, privacy, internal audit, product, and business stakeholders to ensure cybersecurity practices are aligned with enterprise risk tolerance and customer expectations. The role is accountable for defining governance structures, driving risk-informed decision-making, ensuring compliance with applicable frameworks and regulations, and building a scalable GRC function that enhances transparency, accountability, and trust across the organization.

WHAT YOU'LL BE DOING:

• Lead the strategy, operating model, and maturity roadmap for governance, risk, and compliance programs.
• Develop, maintain, and enforce information security policies, standards, procedures, and guidelines aligned with regulatory and business requirements.
• Oversee enterprise risk management for cybersecurity, including risk identification, assessment, prioritization, treatment tracking, and reporting.
• Maintain a centralized risk register and ensure appropriate risk acceptance, mitigation, or transfer decisions are documented and approved.
• Lead internal and external audit readiness activities, including coordination of evidence collection, control validation, and remediation tracking.
• Manage compliance with applicable frameworks and standards such as NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, and other regulatory obligations as applicable.
• Oversee third-party risk management processes, including vendor assessments, due diligence, risk rating, and monitoring of remediation activities.
• Establish governance forums, reporting structures, and escalation pathways to support risk-informed decision-making and accountability.
• Develop and deliver risk reporting, dashboards, and executive communications that articulate control effectiveness, compliance posture, and residual risk.
• Partner with legal, privacy, human resources, and business stakeholders to ensure alignment on regulatory obligations and data protection requirements.
• Drive continuous improvement of controls, processes, and governance practices based on audit findings, risk trends, and evolving threats.
• Support customer-facing security and compliance inquiries, including RFPs, due diligence questionnaires, and assurance reporting.
• Manage technology platforms supporting GRC functions (e.g., risk management systems, policy tools, audit tracking solutions).
• Lead, coach, and develop GRC professionals while fostering a culture of accountability, transparency, and continuous improvement.

YOU'VE GOT WHAT IT TAKES IF YOU HAVE/ARE:

• 10+ years of progressive experience in cybersecurity, risk management, compliance, or related fields.
• 5+ years of leadership experience in a GRC or related cybersecurity function.
• Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business, or a related field; or equivalent professional experience.
• Demonstrated experience building or managing governance, risk, and compliance programs in a mid-sized or large organization.
• Experience supporting audits, regulatory inspections, and compliance assessments.
• Experience managing third-party risk and vendor assessment processes.
• Experience developing policies, standards, and enterprise risk frameworks.
• Experience partnering with executive leadership and cross-functional stakeholders on risk and compliance initiatives.

EXPERIENCE/EDUCATION PREFERRED:

• Master's degree in Cybersecurity, Risk Management, Information Assurance, Business Administration, or related discipline.
• Professional certifications such as CISSP, CISM, CRISC, or CISA.
• Experience in SaaS, cloud-native, or highly regulated industries.
• Experience aligning security and compliance programs to FedRAMP, SOC 2, ISO 27001, or similar frameworks.
• Experience supporting customer trust programs and external assurance reporting.
• Experience implementing or optimizing GRC tooling and automation.

Relias is an Equal Opportunity Employer and a Drug-Free workplace. Relias welcomes and encourages applications from people with disabilities and is happy to make reasonable accommodations in all aspects of the selection process. If you are an individual with a disability and require reasonable accommodation to complete any part of the job application process, please visit our career page for instructions.

IN OFFICE REQUIREMENT: Relias values collaboration and wants to ensure that our team members have opportunities to work with their teams regularly for professional development opportunities. Our flexible hybrid work environment requires that you live in the state of North Carolina, within a commutable distance to our office (~1-hour commute). You would be expected to work in our Morrisville, NC Headquarters (close to the Raleigh/Durham airport) approximately 40 days/quarter.

Company: Relias LLC Country: United States of America State/Region: North Carolina City: Morrisville Postal Code: 27560 Job ID: 289682