Director of Governance Risk and Compliance at LetsGetChecked

Role Overview

The Director of GRC will be a pivotal leader responsible for architecting and maintaining a unified security and compliance framework across multiple healthcare entities. Your primary mission is to lead the organization through the rigorous process of achieving and maintaining HITRUST CSF and ISO 27001 & 27799 certifications.

You will bridge the gap between technical security controls and enterprise risk management, ensuring that our data protection strategies align with HIPAA/HITECH requirements and the highest industry standards.

As the Director of Governance, Risk & Compliance you will:

• Report to the Head of Information Security as a key member of the Information Security Team.
• Provide leadership in the pursuit and maintenance of compliance certifications (HITRUST & ISO 27001)
• Framework Ownership: Serve as the primary architect for the HITRUST CSF and ISO 27001 implementation roadmaps.
• Audit Management: Own the relationship with the external assessors, manage the evidence-collection process, and serve as the main point of contact for all certification audits.
• Gap Remediation: Identify control deficiencies and work cross-functionally with IT and Clinical Operations to implement corrective actions.
• Manage multi-entity governance
• Policy Harmonization: Standardize security policies across all business entities while accounting for unique operational requirements for each.
• Committee Leadership: Chair the GRC Steering Committee to report on compliance health, risk posture, and certification progress to leadership.
• Participate in Risk & Privacy Management
• Enterprise Risk Assessment: Conduct regular HIPAA Security Risk Analyses (SRA) and privacy impact assessments as needed and agreed.
• Third-Party Risk Management (TPRM): Oversee the vendor risk management program, defining security standards for all business associates (BAs).
• Manage Compliance Operations
• Continuous Monitoring: Move the organization from "point-in-time" compliance to a continuous monitoring model using GRC automation tools.
• Have the ability to strategically influence  to gain buy-in from clinical leaders and department heads who may view compliance as a barrier to workflow.
• Have proficiency in mapping overlapping controls between different frameworks to reduce "audit fatigue."
• Have an exceptional ability to translate complex technical risks into business terms for leadership.

What you need:

• 10+ years in IT/Security GRC, with at least 5 years in a leadership role.
• Comfortable working in a fast-paced environment with excellent communication skills.
• Candidates must have excellent verbal and written communication skills, including experience speaking in public forums and writing / contributing to technical publications.
• Deep understanding of HIPAA, HITECH, and CMS regulations.
• Proven experience leading at least one organization through a full HITRUST (r2) or ISO 27001 certification cycle.
• Bachelor’s degree in IT, Healthcare Administration, or a related field (Master’s preferred).
• Certifications such as CISA, CISM, or CISSP. Highly Desired: CCSFP (HITRUST Practitioner) required.

The base salary range for this role is €85,000 - €95,000.

Closing date for applications 28th February 2026.

Benefits: 

Alongside base salary we offer a range of benefits including: 

• Health insurance and an Employee Assistance Programme 
• Pension
• LetsGetChecked has a flexible annual leave policy
• Annual Compensation Reviews
• 3 paid volunteer days per year
• Free monthly LetsGetChecked tests as we are not only focused on the well being of our patients but also the well being of our teams
• A referral bonus programme to reward you for helping us hire the best talent
• Internal Opportunities and Careers Clinics to help you progress your career within the company
• Maternity, Paternity, Parental and Wedding leave