Phreesia · 4 hours ago
Director, GRC & Data Protection
Phreesia is seeking a Director, GRC & Data Protection to lead its governance, risk, compliance, and data security programs in a SaaS environment. The role involves designing and implementing security controls and collaborating with product, engineering, and infrastructure teams so that data security requirements are built into product development.
Responsibilities
Lead and mature our governance, risk, and compliance program, aligned to NIST CSF 2.0 and our enterprise risk framework
Own overall strategy and execution for data security (encryption, backups, DSPM, data lifecycle controls) in close partnership with Product, Engineering, and Infrastructure
Serve as the primary infosec leader for PCI DSS Level 1, HITRUST, SOC 2, and SOX ITGC coordination, ensuring evidence (including penetration testing), narratives, and controls are consistent and efficient
Partner with product and engineering teams to embed security into software development lifecycles, roadmap planning, and quarterly business reviews
Govern and guide Third-Party Risk Management (TPRM) objectives
Act as a matrixed leader, influencing teams you don’t directly manage while providing clear, actionable guidance to executives, developers, and staff
Function as backup to the CISO for key decisions, stakeholders, and external meetings with customers, auditors, and regulators
Qualifications
Required
Bachelor's degree required, advanced degree preferred
CISSP, CISM, CISA, CRISC, PCI ISA/QSA, or similar preferred
Experience in healthcare, health IT, payments, or other highly regulated data environments where PCI, HITRUST, SOX, and SOC 2 interact
Prior role as Head of GRC, or Security & Compliance lead for a Level 1 service provider or HITRUST-certified organization
12+ years in information security, with 7+ years in leadership roles across at least two of: GRC, data security, security architecture/engineering, or security assurance
Significant experience in a product-driven, software development company (e.g., SaaS, cloud platform, or software publisher), working closely with Product Management and Engineering organizations
Deep, hands-on experience leading multiple full cycles of all of the following in a cloud/SaaS or otherwise regulated environment:
PCI DSS Level 1 service provider ROC with a QSA (scoping, control design, evidence strategy, remediation management)
HITRUST CSF readiness and certification/validated assessment
SOX ITGC engagement in a consultative/coordination capacity with Finance/Internal Audit (not necessarily full program ownership)
SOC 2 Type II audits against the Trust Services Criteria
Strong technical fluency in:
Data security architectures (encryption at rest/in transit, tokenization, KMS/HSM, DLP, logging/monitoring)
Cloud and SaaS security concepts relevant to PCI/HITRUST/SOC 2 environments
Demonstrated ability to design and evaluate controls, not just document them, and to work directly with engineers on implementation details
Exceptional written and verbal communication skills, including direct experience presenting to senior executives and boards on security posture, risk, and audit outcomes
Proven effectiveness in a highly matrixed organization, influencing cross-functional stakeholders and resolving conflicting priorities
Benefits
100% Remote work + home office expense reimbursements
Competitive compensation
Flexible PTO + 8 company holidays
Monthly reimbursement for cell phone + internet + wellness
100% Paid 12-week parental leave to our U.S. employees, as well as a generous parental benefit to our employees in Canada
Variety of insurance coverage for people (and pets!)
Continuing education and professional certification reimbursement
Opportunity to join an Employee Resource Group
Company
Phreesia
Phreesia is a healthcare technology company that provides automated patient intake and check-in software to healthcare organizations.
H1B Sponsorship
Phreesia has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below is additional information for your reference (data powered by the US Department of Labor).
Trends of Total Sponsorships
2025 (6)
2024 (4)
2023 (4)
2022 (7)
2021 (12)
2020 (4)
Funding
Current Stage: Public Company
Total Funding: $112.65M
Key Investors: LLR Partners, Ascension Ventures, Polaris Partners
2019-07-18 IPO
2017-11-08 Series Unknown · $17M
2014-10-23 Series Unknown · $30M
Company data provided by crunchbase