We deliver uncompromising care and lasting partnerships across acute and post-acute settings.
Senior Manager, Governance Risk & Compliance
Location
United States
Posted
3 days ago
Salary
$130K - $160K / year
Seniority
Senior
Job Description
Senior Manager, Governance Risk & Compliance
Sound Physicians
• Lead the execution of the enterprise information security GRC program and report directly to the CISO. • Translate the CISO’s cybersecurity strategy and risk tolerance into scalable and defined processes, measurable outcomes, and defensible compliance posture. • Own the security risk lifecycle, including assessments, tracking, remediation, and escalation of material risks to the CISO. • Maintain the security policy framework and translate standards (e.g., NIST CSF, ISO 27001, SOC 2) into actionable control requirements. • Manage security related compliance activities and audits; maintain evidence and track remediation to closure. • Operate the vendor security risk management program and escalate high risk vendors and systemic issues. • Produce concise risk and compliance metrics and dashboards for the CISO and senior leadership. • Mentor GRC staff and act as a trusted advisor to Security, IT, Legal, Privacy, and business teams. • Partner with the CISO and Sr. Manager of Security Operations to update the Strategic Information Security Program.
Job Requirements
- Bachelor’s degree in Information Security, Cybersecurity, Information Systems, Computer Science, Business Administration, or a related field
- 7+ years of experience in information security GRC or risk management.
- Strong knowledge of HIPAA Security rule, NIST CSF, ISO 27001, SOC 2, and security risk practices.
- Experience with risk assessments, audits, and control testing.
- Ability to clearly communicate security risk to senior leaders.
- Proven ability to mentor and develop GRC team members and develop working relationships across organizations.
- Broad knowledge of technology and security risks.
- Preferred: CISSP, CISM, CRISC, CISA, or similar certifications.
- Experience in a CISO led security organization or regulated environment.
Benefits
- Medical insurance
- Dental insurance
- Vision insurance
- Health care and dependent care flexible spending account
- 401(k) retirement savings plan with a company match
- Paid time off (PTO) begins accruing immediately upon start date at a rate of 15 days per year, in accordance with Sound's PTO policy
- Ten company-paid holidays per year
Related Guides
Related Categories
Related Job Pages
More Compliance Jobs
Analyst, Compliance – Investigations
GeminiGemini is a next generation cryptocurrency platform that allows customers to buy, sell, store and earn crypto.
• Conduct investigations of customer activity to determine whether such activity warrants reporting in accordance with relevant AML regulation and guidance. • Draft and prepare Suspicious Activity Reports (SARs). • Perform blockchain analysis utilizing blockchain analytics to review customer activity, including direct and indirect exposure. • Analyze customer data including, but not limited to, IP addresses, device information and signals, open source intelligence (OSINT), transaction histories, customer identification and source of wealth documentation. • Conduct customer outreach to gather additional information regarding customer activity. • Balance numerous projects, queues and priorities in a fast-paced environment.
Senior Associate, Compliance Technology – Compliance Automation
CoinbaseWe're building an open financial system for the world.
• Build and maintain curated datasets and data models (e.g., case, alert, entity, transaction, and risk features) that power compliance controls across Transaction Monitoring, EDD/KYC, and Screening systems. • Own data quality for compliance datasets by implementing validation checks, monitoring, lineage tracking, and documentation to ensure outputs are accurate, complete, and audit-ready. • Partner with cross-functional engineering teams and Compliance stakeholders to close upstream data gaps, standardize instrumentation, and translate control requirements into scalable data structures and feature sets. • Drive detection signal quality improvements by analyzing detection outputs, identifying opportunities to reduce non-actionable noise while protecting sensitivity, and defining success metrics for controlled rollouts. • Execute measurement frameworks for compliance control effectiveness, including coverage, timeliness, stability, and outcome-based metrics, and build repeatable reporting pipelines consumable by Compliance leaders, operations teams, and auditors.
• Dig into complaints to uncover patterns and systemic issues, transforming customer pain points into actionable insights that shape Tilt’s products and services • Deliver trend analysis and clear, impactful recommendations to both frontline teams and Tilt’s leadership, driving continuous improvement across the company • Craft thoughtful and accurate responses to regulatory complaints that reflect our commitment to transparency and trust • Help maintain the UDAAP risk inventory, mapping Tilt's products and customer touchpoints to potential consumer-harm exposures and keeping risk ratings and ownership current as products evolve • Review customer support and operational processes and test AI chatbot workflows for areas presenting UDAAP risk • Conduct state-by-state regulatory research, beginning with EWA and disclosure laws, and maintain a periodic review cadence so Tilt stays ahead of a fast-moving state landscape • Provide occasional support to compliance testing and monitoring efforts, contributing subject-matter expertise on specific products or regulations as needed • Identify and implement process improvements across your compliance functions to reduce manual effort, minimize errors, and dive deep into analysis • Continuously assess and optimize compliance operations by applying automation, AI, and emerging technologies to strengthen risk management, drive efficiency, and support the company’s innovation-focused strategy
Director, Regulatory Affairs, CMC
BrainChild BioBrainChild Bio is harnessing the power of CAR-T cell technology for tumors in the central nervous system.
• Lead all operational and lifecycle management aspects of Regulatory CMC submissions (e.g., INDs, IMPDs, BLAs, MAAs, variations, amendments) supporting cell therapy development programs. • Develop and execute global regulatory CMC strategies that align with program objectives, regulatory requirements, and overall business strategy. • Serve as the Regulatory CMC lead on cross-functional program teams, providing strategic regulatory guidance for cell therapy development and lifecycle management. • Author, review, and coordinate Module 3 (M3) content, ensuring consistency, quality, and alignment across global regulatory submissions (e.g., US, EU, and other international health authorities). • Evaluate the regulatory impact of CMC changes through formal change control processes and define and execute appropriate filing strategies. • Proactively identify CMC regulatory risks, anticipate Health Authority questions, and develop mitigation and contingency strategies to support successful outcomes. • Lead or contribute to interactions with health authorities by preparing briefing packages, technical justifications, responses to information requests, and regulatory meeting support. • Collaborate cross‑functionally to ensure CMC deliverables meet regulatory requirements, quality standards, and program timelines. • Drive continuous improvement and best‑practice sharing for Regulatory CMC processes in a rapidly growing, dynamic environment.




