CHG Healthcare

Governance, Risk and Compliance Manager

full-time

Location: United States, Utah

Salary

💰 $102,100 - $197,100 per year

Job Level

Mid-Level, Senior

Tech Stack

SaltStack

About the role

  • Lead the design, implementation, and continuous improvement of the organization’s Governance, Risk, and Compliance program.
  • Act as a central liaison between senior leadership, business units, auditors, and regulators.
  • Ensure strategic objectives are met while legal, regulatory, and contractual obligations are satisfied.
  • Develop, maintain and socialize enterprise-wide GRC policies, standards and procedures.
  • Facilitate cross-functional steering committees; provide regular risk and compliance reporting to executives and the board.
  • Align the GRC program with business strategy, ensuring clear accountability across departments.
  • Own the full risk management lifecycle: identification, assessment, treatment, monitoring and reporting.
  • Maintain the enterprise information security risk register and conduct periodic risk reviews using industry frameworks.
  • Lead scenario analyses and business impact assessments (BIA); recommend and track mitigation plans.
  • Implement financial loss expectancy models for quantitative risk assessment.
  • Manage external audits and assessments (e.g., SOC II) from scoping through remediation.
  • Monitor emerging regulatory changes (GDPR, CCPA/CPRA, etc.) and advise stakeholders on required controls.
  • Coordinate third-party attestation activities and maintain evidence demonstrating compliance.
  • Support the enterprise through unified audit lifecycle management.
  • Map regulatory and contractual requirements to internal controls; oversee control testing, maturity scoring and improvement initiatives.
  • Partner with Information Security to integrate technical controls—such as IAM, vulnerability scanning and incident response—into the GRC platform.
  • Ensure policies are reviewed, approved and communicated on a defined cadence.
  • Design and deliver ongoing risk and compliance training for employees, contractors and key vendors.
  • Promote a culture of compliance and ethical behavior through targeted campaigns and leadership engagement.
  • Lead, mentor and develop a team of analysts or specialists; set goals and measure performance.
  • Evaluate and manage GRC software tools and third-party risk management solutions.
  • Oversee budgets related to compliance initiatives and external consulting support.

Requirements

  • Deep understanding of security control frameworks (SOC II, ISO 27001, NIST)
  • Experience with regulatory compliance requirements (GDPR, CCPA/CPRA)
  • Proficiency with GRC platforms and risk management tools
  • Understanding of technical security controls and their implementation
  • Excellent written and verbal communication skills with ability to translate technical concepts for business audiences
  • Strong project management skills with ability to manage multiple concurrent initiatives
  • Demonstrated ability to influence and build consensus across organizational boundaries
  • Critical thinking and problem-solving capabilities
  • Detail-oriented with strong organizational skills
  • 5+ years of experience in GRC, risk management, compliance, or information security
  • 2+ years of experience leading or managing audit engagements (SOC II preferred)
  • Experience building GRC programs in healthcare technology or SaaS environments