Insulet Corporation · 3 months ago
Head of Technology Governance Risk Compliance (GRC) - (Hybrid - San Diego, CA or Acton, MA)
Insulet Corporation is an innovative medical device company dedicated to simplifying life for people with diabetes through its Omnipod product platform. The Head of Technology GRC will lead the enterprise-wide function encompassing Information Security, Governance, Technology Risk, and Compliance, while managing senior leaders and collaborating with various departments to build the technology risk and compliance strategy.
Health Care · Medical · Medical Device
Responsibilities
Set the strategic direction of the Technology GRC organization and oversee the team that designs, implements, and maintains the IT GRC framework, including policies, standards, and controls aligned with business objectives and risk appetite
Oversee and set the Insulet roadmap for the Information Security Management System (ISMS), ensuring alignment with ISO 27001 and other relevant frameworks
Oversee self-assessments and escalate findings and decisions as required to drive timely decisions and risk reduction
Govern the Business Continuity Management program and lead risk quantification efforts
Design and implement a robust Three Lines of Defense (3LOD) framework, clearly delineating roles and responsibilities across business units, risk management, and internal audit to enhance accountability, risk ownership, and assurance effectiveness in alignment with industry best practices
Lead risk assessment activities, integrating findings into the Risk Register or the Enterprise Risk Management (ERM) program
Maintain and report on the risk register, risk treatment plans, and mitigation strategies
Provide actionable, data-driven insights to executive leadership and the Board on risk posture and emerging threats
Ensure compliance with HIPAA, HITECH, FDA cybersecurity guidance, SOX, GDPR, CMMC and other applicable regulations
Oversee internal and external audits, including SOC 2, ISO 27001, and HITRUST certifications
Serve as the primary liaison to auditors, regulators, and legal teams on cybersecurity compliance matters
Lead the third-party risk management program, including vendor due diligence, contract reviews, and continuous monitoring
Ensure supply chain security practices meet regulatory and industry expectations, including FDA and SEC guidance
Oversee enterprise-wide security awareness and training programs, including phishing simulations and compliance education
Foster a culture of risk awareness and accountability across all levels of the organization
Govern the enterprise cyber incident response plan, including tabletop exercises and business continuity planning
Ensure readiness for ransomware, data breaches, and other high-impact events
Lead the development of an enterprise-wide Business Continuity Program (BCP), ensuring readiness for operational disruptions and alignment with risk management strategies
Define and track key performance and key risk indicators (KPIs/KRIs) and metrics for risk quantification, compliance, and control effectiveness
Deliver quarterly board updates, annual program reviews, and ad hoc reports on incidents, audits, and compliance status
Represent the organization in industry forums (e.g., H-ISAC), regulatory discussions, and peer collaborations
Stay ahead of emerging technologies (e.g., AI, IoMT, cloud) and evolving regulatory landscapes to inform GRC strategy
Develop budgets and resource requirements for direct reporting teams
Participate in the development of team strategic plans, annual goal and delivery plans, and quarterly and monthly updates and retrospectives
Qualifications
Required
Proven executive leader with a track record of building and scaling high-performing, cross-functional teams in complex, regulated environments
Demonstrated ability to influence across the enterprise, including ELT and Board-level stakeholders, to drive alignment and accountability for risk and compliance outcomes
Builds trust quickly and leads with integrity, transparency, and a collaborative mindset
Skilled at navigating ambiguity and driving clarity in high-stakes, fast-paced environments
Deep expertise in security and risk frameworks and regulations, including NIST CSF, ISO 27001, SOC 2, HIPAA, HITRUST, FDA cybersecurity guidance, GDPR, and SOX
Strong executive presence with the ability to translate complex risk and compliance issues into actionable business insights for C-level and Board audiences
Experience leading enterprise-wide GRC programs that span cybersecurity, privacy, product security, and data governance
Demonstrated success in maturing GRC capabilities through automation, metrics, and continuous improvement
Managed and mentored teams of 15 or more and held the title of director or above
15–20+ years of progressive experience in information security, risk management, or IT audit, with at least 5 years in a senior GRC leadership role
Proven experience leading global GRC teams and managing complex compliance programs in highly regulated industries (e.g., healthcare, medtech, financial services)
Preferred
Advanced degree (e.g., MBA, MS in Cybersecurity, or related discipline)
Professional certifications such as CISSP, CISM, CISA, CRISC, or CIPP
Experience with GRC platforms and automation tools (e.g., Archer, ServiceNow GRC, OneTrust)
Familiarity with cloud security compliance frameworks (e.g., CSA CCM, FedRAMP, HITRUST for cloud)
Experience integrating cybersecurity with enterprise risk management, privacy, and product lifecycle governance
Demonstrated ability to apply a methodical, risk-based approach to evaluating and governing the use of AI technologies across the enterprise
Company
Insulet Corporation
Insulet Corporation (NASDAQ: PODD), headquartered in Massachusetts, is an innovative medical device company dedicated to simplifying life for people with diabetes and other conditions through its Omnipod product platform.
H1B Sponsorship
Insulet Corporation has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below is additional info for your reference (data powered by US Department of Labor).
Trends of Total Sponsorships
2025: 58
2024: 43
2023: 19
2022: 33
2021: 41
2020: 17
Funding
Current Stage: Public Company
Total Funding: $629.5M
Key Investors: Deerfield, OrbiMed, Alta Partners
2025-03-18: Post-IPO Debt · $450M
2009-03-16: Post-IPO Debt · $60M
2007-05-15: IPO
Company data provided by crunchbase