Governance Risk & Compliance Manager

Manager Of Grc

CHG shook things up in 1979 by inventing the locum tenens staffing model. We connect doctors with patients who need their care. As the largest physician staffing firm in America, our providers treat millions of patients each year. Our industry is growing and demand is high. This means you'll have plenty of opportunities to grow and develop in your career. Keeping healthcare healthy can be as fun as it is rewarding.

The Manager of GRC leads the design, implementation, and continuous improvement of the organization's Governance, Risk, and Compliance program. Acting as a central liaison between senior leadership, business units, auditors, and regulators, the role ensures that strategic objectives are met while legal, regulatory, and contractual obligations are satisfied. The ideal candidate combines deep knowledge of risk management frameworks with strong communication and project management skills.

Responsibilities

Governance

• Develop, maintain and socialize enterprise-wide GRC policies, standards and procedures
• Facilitate cross-functional steering committees; provide regular risk and compliance reporting to executives and the board
• Align the GRC program with business strategy, ensuring clear accountability across departments

Risk Management

• Own the full risk management lifecycle: identification, assessment, treatment, monitoring and reporting
• Maintain the enterprise information security risk register and conduct periodic risk reviews using industry frameworks
• Lead scenario analyses and business impact assessments (BIA); recommend and track mitigation plans
• Implement financial loss expectancy models for quantitative risk assessment

Compliance & Audit

• Manage external audits and assessments (e.g., SOC II) from scoping through remediation
• Monitor emerging regulatory changes (GDPR, CCPA/CPRA, etc.) and advise stakeholders on required controls
• Coordinate third-party attestation activities and maintain evidence demonstrating compliance
• Support the enterprise through unified audit lifecycle management

Policy & Control Framework

• Map regulatory and contractual requirements to internal controls; oversee control testing, maturity scoring and improvement initiatives
• Partner with Information Security to integrate technical controlssuch as IAM, vulnerability scanning and incident responseinto the GRC platform
• Ensure policies are reviewed, approved and communicated on a defined cadence

Training & Awareness

• Design and deliver ongoing risk and compliance training for employees, contractors and key vendors
• Promote a culture of compliance and ethical behavior through targeted campaigns and leadership engagement

Team Leadership & Vendor Management

• Lead, mentor and develop a team of analysts or specialists; set goals and measure performance
• Evaluate and manage GRC software tools and third-party risk management solutions
• Oversee budgets related to compliance initiatives and external consulting support

Qualifications

• Deep understanding of security control frameworks (SOC II, ISO 27001, NIST)
• Experience with regulatory compliance requirements (GDPR, CCPA/CPRA)
• Proficiency with GRC platforms and risk management tools
• Understanding of technical security controls and their implementation
• Excellent written and verbal communication skills with ability to translate technical concepts for business audiences
• Strong project management skills with ability to manage multiple concurrent initiatives
• Demonstrated ability to influence and build consensus across organizational boundaries
• Critical thinking and problem-solving capabilities
• Detail-oriented with strong organizational skills

Education & Experience

• 5+ years of experience in GRC, risk management, compliance, or information security
• 2+ years of experience leading or managing audit engagements (SOC II preferred)
• Experience building GRC programs in healthcare technology or SaaS environments

Preferred

• Experience in healthcare or healthcare technology industry
• Experience with enterprise risk management frameworks
• Track record of successful SOC II Type II implementations
• Experience managing distributed teams across multiple business units