Phreesia

Phreesia empowers patients to take an active role in their health and achieve better outcomes.

Director, GRC, Data Protection

Category: Compliance | Full Time | Remote | Team 1,001-5,000 | Since 2005 | H1B Sponsor

Location

All locations: Florida, Illinois, New Jersey, New York, Texas

Posted

19 days ago

Salary

Not specified

Bachelor's degree | 12 yrs exp | English | Cloud

Job Description

  • Lead and mature our governance, risk, and compliance program, aligned to NIST CSF 2.0 and our enterprise risk framework.
  • Own overall strategy and execution for data security (encryption, backups, DSPM, data lifecycle controls) in close partnership with Product, Engineering, and Infrastructure.
  • Serve as the primary infosec leader for PCI-DSS Level 1, HITRUST, SOC 2, and SOX ITGC coordination, ensuring evidence (including penetration testing), narratives, and controls are consistent and efficient.
  • Partner with product and engineering teams to embed security into software development lifecycles, roadmap planning, and quarterly business reviews.
  • Govern and guide Third Party Risk Management (TPRM) objectives.
  • Act as a matrixed leader, influencing teams you don’t directly manage while providing clear, actionable guidance to executives, developers, and staff.
  • Function as backup to the CISO for key decisions, stakeholders, and external meetings with customers, auditors, and regulators.

Job Requirements

  • Bachelor's degree required; advanced degree preferred.
  • Certifications: CISSP, CISM, CISA, CRISC, PCI ISA/QSA, or similar preferred.
  • Experience in healthcare, health IT, payments, or other highly regulated data environments where PCI, HITRUST, SOX, and SOC 2 interact.
  • Prior role as Head of GRC, or Security & Compliance lead, for a Level 1 service provider or HITRUST-certified organization.
  • 12+ years in information security, with 7+ years in leadership roles across at least two of: GRC, data security, security architecture/engineering, or security assurance.
  • Significant experience in a product-driven software development company (e.g., SaaS, cloud platform, or software publisher), working closely with Product Management and Engineering organizations.
  • Deep, hands-on experience leading multiple full cycles of all of the following in a cloud/SaaS or otherwise regulated environment:
      • PCI DSS Level 1 service provider RoC with a QSA (scoping, control design, evidence strategy, remediation management).
      • HITRUST CSF readiness and certification/validated assessment.
      • SOX ITGC engagement in a consultative/coordination capacity with Finance/Internal Audit (not necessarily full program ownership).
      • SOC 2 Type II audits against the Trust Services Criteria.
  • Strong technical fluency in:
      • Data security architectures (encryption at rest/in transit, tokenization, KMS/HSM, DLP, logging/monitoring).
      • Cloud and SaaS security concepts relevant to PCI/HITRUST/SOC 2 environments.
  • Exceptional written and verbal communication skills, including direct experience presenting to senior executives and boards on security posture, risk, and audit outcomes.
  • Proven effectiveness in a highly matrixed organization, influencing cross-functional stakeholders and resolving conflicting priorities.

Benefits

  • 100% Remote work + home office expense reimbursements
  • Competitive compensation
  • Flexible PTO + 8 company holidays
  • Monthly reimbursement for cell phone + internet + wellness
  • 100% Paid 12-week parental leave to our U.S. employees, as well as a generous parental benefit to our employees in Canada
  • Variety of insurance coverage for people (and pets!)
  • Continuing education and professional certification reimbursement
  • Opportunity to join an Employee Resource Group.
