Full-Time Governance, Risk & Compliance Lead
Guardant Health is hiring a remote Full-Time Governance, Risk & Compliance Lead. The career level for this job opening is Manager and is accepting Palo Alto, CA based applicants remotely. Read complete job description before applying.
About the Role: Guardant is seeking a Governance, Risk & Compliance (GRC) Lead with 7+ years of experience to drive the evolution of our Information Security Governance, Risk, and Compliance program.
At Guardant, we value innovation over rigid adherence to traditional compliance methods. Our ideal candidate is a forward-thinking, non-dogmatic leader who sees compliance as a business enabler rather than a bottleneck.
After gaining experience supporting GRC programs designed or led by others, you are eager to build one that challenges the status quo.
This role is designed for someone who is willing to leverage native workplace technology to eliminate manual, repetitive, and performative tasks, allowing the organization to focus on our core mission.
Essential Duties and Responsibilities:
- Develop, maintain, and enhance the security governance, risk, and compliance program, emphasizing automation, right-sized controls, and proactive compliance monitoring, ensuring alignment with business objectives and regulatory requirements (e.g., HIPAA Security Rule, ISO 27001, GDPR, SOX-404).
- Lead the organization’s pursuit of ISO 27001 certification, ensuring compliance and continuous improvement of best practices.
- Drive a culture of accountability by defining success metrics and goals and tracking them through continuous monitoring.
- Develop and maintain security policies, standards, and procedures that align with business goals and regulatory requirements.
- Identify and address governance gaps, ensuring timely implementation of recommendations across business units.
- Implement automated compliance and security controls to continuously monitor security risks, exceptions, testing, and overall compliance.
- Conduct and oversee internal assessments and security control testing, ensuring compliance with regulations and protecting sensitive data.
- Prepare and present risk assessments and remediation plans to leadership, tracking progress toward resolution.
- Partner with Privacy, Compliance and Regulatory teams to ensure security operations meet regulatory and business needs.
- Establish and maintain a Security Trust Program to support customer engagements, audits, and assessments.
- Act as a trusted advisor to both business and technical teams, ensuring GRC goals align with the overall security strategy.
- Provide insights and recommendations to the CISO on regulatory changes and emerging risks.
- Restructure and streamline the third-party risk management program, ensuring vendors meet security and compliance requirements.
Essential Qualifications:
- 7+ years of experience in Governance, Risk, and Compliance (GRC) or a related field, with at least 2 years in a leadership or program management role.
- Experience in healthcare settings preferred but not required.
- Experience with qualitative risk assessment approaches, or the ambition to ramp up quickly on them.
- Strong knowledge of information security management, governance, and compliance principles, including laws, regulations, and industry standards.
- Deep understanding of regulatory frameworks and industry standards. Required: ISO 27001, HIPAA, GDPR, 21 CFR Part 11. Preferred: NIST CSF, NIST SP 800-53 r5, NIST SP 800-30 r1, Secure Controls Framework (SCF).
- Strong familiarity with cybersecurity and cloud security frameworks; experience with the Secure Controls Framework is desired but not required.