Head of Governance, Risk and Compliance jobs in United States
This job has closed.

Hippocratic AI · 3 days ago

Head of Governance, Risk and Compliance

Hippocratic AI is the leading generative AI company in healthcare, focused on transforming patient outcomes with a safety-first approach. The Head of GRC will oversee the execution and improvement of governance, risk, and compliance programs, ensuring they align with the company's mission and scale with business growth.

Artificial Intelligence (AI), Foundational AI, Generative AI, Health Care, Information Technology
Growth Opportunities

Responsibilities

Develop and own the GRC program roadmap: define goals, deliverables, success criteria, timelines, and key milestones aligned with Hippocratic AI’s strategic objectives (safety, regulatory readiness, trust frameworks)
Establish and refine frameworks, processes, and best practices for GRC within the company context (healthcare-AI domain)
Manage portfolio of GRC projects: from operational documentation to remediation items, audit readiness, risk assessments, vendor/third-party governance
Collaborate with other program/project managers in InfoSec, Product, and Clinical Ops to align on methodology, reporting, and metrics to prevent silos
Design and deliver regular reporting on program health, risk metrics, and compliance status to senior leadership and partner functions
Lead remediation tracking: identify, document, escalate, and monitor mitigation efforts across projects and operations
Maintain documentation management: templates, document structure, and content governance for GRC artifacts (policies, procedures, controls)
Support strategic planning for GRC: annual/quarterly planning cycles, resource alignment, cross-functional dependencies
Act as an ambassador of the GRC function across the organization: build stakeholder relationships and cultivate a risk-aware culture

Qualifications

Governance, Risk, Compliance, Program Management, Data Governance, Technical Bachelor's Degree, Project Management Tools, Security Concepts, Stakeholder Management, Accountability, Judgment, Ambiguity Management, Trust Building, Competing Priorities Management, High-Quality Outcomes, Regulatory Environment Experience, Vendor Risk Management, Compliance Automation Tools, Healthcare Experience, SaaS/Cloud Experience, External Auditors Interaction, Certifications PMP, Certifications CISA, Certifications etc., Cross-Functional Collaboration, Effective Communication

Required

Proven experience (10+ years) as a program manager or analyst focused on governance, risk, or compliance—ideally in a regulated environment (healthcare, fintech, SaaS)
Capable of leading complex technical programs and driving projects through ambiguity to results
Understand security, data governance, and compliance requirements (including healthcare-adjacent risks), and are comfortable translating technical and regulatory concepts into actionable operations
Can communicate effectively with technical and non-technical audiences, including senior leaders
Hold yourself accountable for delivering high-quality outcomes on schedule in a fast-moving environment
Build stakeholder trust, manage competing priorities, and apply sound judgment when multiple routes exist
Thrive in cross-functional settings and can represent the GRC team credibly across engineering, clinical, product, and business functions
Technical Bachelor's degree (or equivalent experience)
10+ years in a program or project-management role in a GRC, security, or similar domain
Demonstrated success leading technical programs and delivering results
Strong grasp of governance, risk management, compliance fundamentals (audit controls, internal control frameworks, or equivalent)
Familiarity with project management tools (e.g., Jira, ServiceNow) and comfortable establishing new processes
Strong understanding of security concepts, data governance, vendor risk management, and operations in a regulated/health-adjacent context (HIPAA, HITRUST, SOC 2, ISO, SaMD, and others)

Preferred

Certifications such as PMP, CRISC, CISA, CISSP, or CISM
Experience in a SaaS/Cloud environment, preferably healthcare or life sciences
Experience working at a publicly listed company or through external auditors/regulators
Familiarity with GRC tooling (e.g., Drata, Vanta, or equivalent compliance automation platforms)

Company

Hippocratic AI

Hippocratic AI is a healthcare technology company that develops safety-focused large-language models for medical applications.

Funding

Current Stage: Growth Stage
Total Funding: $402M
Key Investors: Avenir, Kleiner Perkins, NVentures
2025-11-03 · Series C · $126M
2025-01-09 · Series B · $141M
2024-09-19 · Series A · $17M

Leadership Team

Alex Miller, Co-Founder
Amy McCarthy, Chief Nursing Officer
Company data provided by crunchbase