At Commure, our mission is to simplify healthcare. We have bold ambitions to reimagine the healthcare experience, setting a new standard for how care is delivered and experienced across the industry. Our growing suite of AI solutions spans ambient AI clinical documentation, provider copilots, autonomous coding, revenue cycle management, and more, all designed so that providers and administrators can focus on what matters most: providing care.
Healthcare is a $4.5 trillion industry with more than $500 billion spent annually on administrative costs, and Commure is at the heart of transforming it. We power over 500,000 clinicians across hundreds of care sites nationwide; more than $10 billion flows through our systems, and we support over 100 million patient interactions. With new product launches on the horizon, expansion into additional care segments, and a bold vision to tackle healthcare's most pressing challenges, our ambition is to move from upstart innovator to the industry standard over the next few years.
Commure was recently named to Fortune's Future 50 list for 2025 and is backed by world-class investors including General Catalyst, Sequoia, Y Combinator, Lux, Human Capital, 8VC, Greenoaks Capital, Elad Gil, and more. Commure has achieved over 300% year-over-year growth for the past two years, and this is only the beginning. Healthcare's moment for AI-powered transformation is here, and we're building the technology to power it. Come join us in shaping the future of healthcare.
About the Role
We're seeking an experienced GRC Lead to drive Commure's governance, risk, and compliance strategy across our global operations. In this critical leadership role, you will act as the architect of our compliance framework, owning the end-to-end compliance lifecycle from policy design and risk assessment to audit coordination and organization-wide awareness. As the GRC Lead, you'll work at the intersection of technology, security, and healthcare regulation, ensuring that our products and operations adhere to the highest standards of integrity, data protection, and operational excellence.
Key Responsibilities
Compliance & Governance Leadership
- Design, implement, and oversee comprehensive IT compliance and governance programs aligned with HIPAA, GDPR, CCPA, and other data privacy regulations.
- Develop and continuously refine IT security policies, standards, and procedures to balance compliance rigor with operational efficiency.
- Validate and approve IT processes and activities to ensure conformance with regulatory and organizational mandates.
- Act as the primary liaison between internal stakeholders, executive leadership, and external auditors on all compliance-related matters.
Risk Management & Assessment
- Build and maintain a robust risk management framework to proactively identify, assess, and mitigate IT and operational risks.
- Conduct regular risk assessments, internal audits, and control evaluations to detect vulnerabilities and compliance gaps.
- Perform physical security audits and validate adherence to standards across facilities and third-party locations.
Audit & Quality Assurance
- Manage internal and external audit processes, ensuring preparedness, accuracy, and timely resolution of findings.
- Conduct periodic compliance inspections across organizational and vendor sites to validate adherence to policies.
- Track, report, and close remediation actions while driving continuous improvement of compliance systems and procedures.
Training & Advisory
- Design and deliver engaging compliance and security awareness training programs for employees at all levels.
- Serve as a trusted advisor to leadership and business units on compliance strategy, risk mitigation, and program effectiveness.
- Prepare comprehensive compliance reports, dashboards, and presentations for executive stakeholders and the Head of Privacy.
Investigation & Remediation
- Lead or support internal investigations into compliance violations, data incidents, or policy breaches.
- Develop and implement corrective action plans to address compliance gaps and prevent recurrence.
- Monitor emerging risks and regulatory changes to ensure proactive compliance readiness.
Required Qualifications
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or a related discipline (Master's preferred).
- 5+ years of progressive experience in GRC, IT compliance, cybersecurity assurance, or related governance roles.
- Deep expertise in HIPAA, GDPR, CCPA, and IT risk management frameworks such as NIST, ISO 27001, and SOC 2.
- Proven experience in internal audits, risk assessments, and implementing compliance programs in complex or regulated environments.
- Demonstrated ability in vendor risk management, third-party audits, and compliance oversight.
- Strong written and verbal communication skills with the ability to simplify complex regulatory concepts for diverse audiences.
Preferred Qualifications
- Professional certifications such as:
  - CISA (Certified Information Systems Auditor)
  - CISM (Certified Information Security Manager)
  - CISSP (Certified Information Systems Security Professional)
  - ISO 27001 Lead Auditor
  - CRISC (Certified in Risk and Information Systems Control)
  - CHPC (Certified in Healthcare Privacy Compliance)
- Experience within healthcare technology, digital health, or similarly regulated industries.
- Proven success in building and scaling GRC programs within high-growth or global organizations.
- Familiarity with GRC platforms and compliance management tools.
Key Competencies
- Strategic Leadership: Ability to architect and operationalize GRC programs that safeguard organizational integrity while enabling innovation.
- Analytical Rigor: Strong diagnostic and problem-solving capabilities with a methodical approach to risk analysis and control design.
- Ethical Judgment: Unwavering commitment to confidentiality, integrity, and ethical governance.
- Communication & Influence: Skilled at articulating complex compliance matters to both technical and non-technical audiences.
- Project Management: Adept at managing multiple concurrent initiatives with precision and accountability.
- Collaboration & Independence: Strong cross-functional partnership skills, equally effective when leading or working autonomously.
- Adaptability: Ability to stay ahead of evolving regulatory landscapes, emerging risks, and technology trends.