Director of Governance, Risk, and Compliance
About EliseAI
We're improving the industries that matter most: housing and healthcare. Everyone needs a place to live and access to quality healthcare, yet both are often harder to secure than they should be. By integrating AI agents deeply into existing workflows, we make them more efficient, reduce costs, and improve the experience for everyone.
About The Role
We are seeking a Director of Governance, Risk, and Compliance (GRC) to scale our risk and compliance programs. This role will be instrumental in leading and scaling the GRC team to meet regulatory and IT audit readiness, manage third-party risk, and ensure our policies and processes align with industry standards.
Key Responsibilities
Own and lead the company's GRC program, setting strategic direction across frameworks including SOC 1, SOC 2, PCI, HITRUST, and HIPAA
Serve as the primary owner of audit relationships, overseeing planning, evidence collection, documentation, and auditor communications
Define and enforce compliance roadmaps, ensuring cross-functional alignment and accountability on regulatory requirements
Attract top-tier talent to scale the GRC team, providing mentorship, setting priorities, and managing team performance
Oversee the vendor risk management program, including third-party due diligence, risk tiering, and escalation of critical findings
Lead reviews of vendor and client security questionnaires (DDQs) in partnership with Security Engineering, with final sign-off authority
Own the security and compliance policy framework — driving creation, review cycles, and organization-wide adoption
Partner with Legal and Security leadership on security-related contractual obligations, including review and negotiation of security addenda
Move at rocket speed, build something massive. We’re scaling fast, solving real client problems with precision and ambition.
Requirements
8+ years of experience in Governance, Risk, and Compliance, Information Security, or a related field, with at least 3 years in a leadership or program ownership role
Deep expertise across compliance frameworks including SOC1, SOC 2, PCI, HIPAA, and ISO certifications
Proven track record managing audit programs end-to-end, including direct relationships with external auditors
Experience building or scaling a GRC function, including team hiring and development
Strong understanding of vendor risk management, third-party due diligence, and risk-based decision-making
Ability to translate complex compliance and risk topics for executive and board-level audiences
Excellent cross-functional influencing skills — comfortable working with Legal, Engineering, and business leadership
Willingness to work in person at our office 4-5 days a week