GRC Specialist

About Us At Sully.ai, we’re building the most impactful healthcare company on Earth. We believe that access to a great doctor is a basic human right. Today, that’s not a reality. Delays, misdiagnoses, administrative chaos, and burnout plague the system. Our Mission One Human, One Doctor. We build AI teammates that augment clinicians — scribes, nurses, receptionists, translators — all powered by our own world‑class models and deployed in real‑world care. Our Traction 450+ organizations signed 16 months AI agents cut admin by ~2.8 hours daily and reduce onboarding 85% 5M+ Clinical Tasks completed to date, serving 36+ specialties Raised $25M from YC, Eric Yuan, Amity, Semper Virens Patented AI architecture (MedCon‑1) outperforms GPT‑4.5, Gemini, Claude on clinical reasoning tasks What You’ll Do Own security and compliance execution end‑to‑end, ensuring Sully can scale quickly without security or compliance becoming a bottleneck. Identify, prioritize, and resolve security and compliance risks that could block customer acquisition, enterprise deals, or clinical deployments. Partner closely with engineering, product, clinical, and leadership teams to embed security into day‑to‑day workflows rather than bolting it on after the fact. Design and implement pragmatic security programs that work in a fast‑moving startup environment — not theoretical frameworks. Build leverage through automation, tooling, and clear processes that reduce risk while increasing velocity. What You Must Bring Extremely high agency. You take action without waiting for direction and reliably deliver results under pressure. Proven experience owning security and compliance initiatives in early‑stage or fast‑moving environments. Ability to reason through ambiguous, high‑stakes problems in real time and clearly explain your decision‑making. Comfort operating in “wicked” environments with unclear rules, incomplete information, and non‑repeatable problems. Strong written and verbal communication skills, with the ability to document risks, findings, and recommendations backed by evidence. A “no matter what” execution mindset — when something must get done, you find a way. First‑Month Focus Identify security and compliance items that could immediately block customer acquisition or deployments. Stand up a Third‑Party Risk Management program leveraging existing tools and vendors. Ensure all user devices meet required security and compliance standards. Define a clear, secure plan for contractor virtual environments. 90‑Day OKRs Resolve high‑risk security and compliance gaps tied directly to company objectives. Ensure security and compliance do not block engineering, product, or customer‑facing teams from serving clients. Establish repeatable processes and automation that reduce ongoing security risk while increasing team velocity. If you’ve ever said, "I want to do work that actually matters", this is it. Let’s build something life‑changing, together. Who Thrives Here Entrepreneurial to your core: You think in outcomes, thrive in chaos, and take ownership without limits Mission‑obsessed: You’re here to save lives, not just ship features — patients and doctors are your why. Impact‑driven & fast‑moving: You sprint toward hard problems and ship with sharp judgment. Elite teammate: You raise the bar through high standards, direct feedback, and craft excellence. Why Join Sully.ai? Revolutionizing the antiquated $800B+ Healthcare market 50%+ of us are ex‑founders. We hire A‑players, not passengers ⚡️ Speed matters - we operate with urgency, autonomy, and ownership You’ll work on real, first‑of‑the‑ir‑kind problems at the edge of AI and medicine ❤️ Your work helps doctors reclaim their time - and patients get better, faster care #J-18808-Ljbffr odiggo