Director Of Governance Risk And Compliance - Fuze Health

Posted on Feb. 24, 2026 by Fuze Health

At Fuze Health, we put patients first and tirelessly address the most pressing needs in healthcare. We empower millions to digitally connect with care providers, essential health resources and needed treatments – and enable care providers, employers, health plans and life sciences companies to meaningfully enhance quality, outcomes and value. We are dedicated to helping our partners evolve and modernize to meet emerging patient and marketplace needs.

Fuze Health's foundation is built upon the strategic combination of several proven, technology-powered innovators in the digital health, diagnostics, and pharmacy sectors. Our growing portfolio brings together the capabilities of industry leaders including LetsGetChecked, Truepill, and Alto Pharmacy, to create a distinctive, unified force in healthcare. Together, we have the shared vision, advanced capabilities and talented teams to deliver next-generation solutions that patients and healthcare partners need today and into the future.

Role Overview

The Director of GRC will be a pivotal leader responsible for architecting and maintaining a unified security and compliance framework across multiple healthcare entities. Your primary mission is to lead the organization through the rigorous process of achieving and maintaining HITRUST CSF and ISO 27001 & 27799 certifications.

You will bridge the gap between technical security controls and enterprise risk management, ensuring that our data protection strategies align with HIPAA/HITECH requirements and the highest industry standards.

As the Director of Governance, Risk & Compliance you will:

  • Report to the Head of Information Security as a key member of the Information Security Team.
  • Provide leadership in the pursuit and maintenance of compliance certifications (HITRUST & ISO 27001)
    • Framework Ownership: Serve as the primary architect for the HITRUST CSF and ISO 27001 implementation roadmaps.
    • Audit Management: Own the relationship with the external assessors, manage the evidence-collection process, and serve as the main point of contact for all certification audits.
    • Gap Remediation: Identify control deficiencies and work cross-functionally with IT and Clinical Operations to implement corrective actions.
  • Manage multi-entity governance
    • Policy Harmonization: Standardize security policies across all business entities while accounting for unique operational requirements for each.
    • Committee Leadership: Chair the GRC Steering Committee to report on compliance health, risk posture, and certification progress to leadership.
  • Participate in Risk & Privacy Management
    • Enterprise Risk Assessment: Conduct regular HIPAA Security Risk Analyses (SRA) and privacy impact assessments as needed and agreed.
    • Third-Party Risk Management (TPRM): Oversee the vendor risk management program, defining security standards for all business associates (BAs).
  • Manage Compliance Operations
    • Continuous Monitoring: Move the organization from "point-in-time" compliance to a continuous monitoring model using GRC automation tools.
  • Have the ability to strategically influence to gain buy-in from clinical leaders and department heads who may view compliance as a barrier to workflow.
  • Have proficiency in mapping overlapping controls between different frameworks to reduce "audit fatigue."
  • Have an exceptional ability to translate complex technical risks into business terms for leadership.

What you need:

  • 10+ years in IT/Security GRC, with at least 5 years in a leadership role.
  • Comfortable working in a fast-paced environment with excellent communication skills.
  • Candidates must have excellent verbal and written communication skills, including experience speaking in public forums and writing / contributing to technical publications.
  • Deep understanding of HIPAA, HITECH, and CMS regulations.
  • Proven experience leading at least one organization through a full HITRUST (r2) or ISO 27001 certification cycle.
  • Bachelor's degree in IT, Healthcare Administration, or a related field (Master's preferred).
  • Certifications such as CISA, CISM, or CISSP. Highly Desired: CCSFP (HITRUST Practitioner) required.

The base salary range for this role is €85,000 - €95,000.

Closing date for applications 28th February 2026.

Benefits:

Alongside base salary we offer a range of benefits including:

  • Health insurance and an Employee Assistance Programme
  • Pension
  • LetsGetChecked has a flexible annual leave policy
  • Annual Compensation Reviews
  • 3 paid volunteer days per year
  • Free monthly LetsGetChecked tests as we are not only focused on the well being of our patients but also the well being of our teams
  • A referral bonus programme to reward you for helping us hire the best talent
  • Internal Opportunities and Careers Clinics to help you progress your career within the company
  • Maternity, Paternity, Parental and Wedding leave

At Fuze Health, we are committed to fostering an inclusive environment that celebrates diversity in all its forms. We believe that the diversity of thought, background, and experience strengthens our teams and drives innovation. We are an equal-opportunity employer and do not discriminate on the basis of race, ethnicity, religion, color, place of birth, sex, gender identity or expression, sexual orientation, age, marital status, military service status, or disability status. Our goal is to ensure that everyone feels valued and empowered to thrive.

Fuze Corporate Inc. and its subsidiaries respect your privacy and are committed to protecting your personal information. Please read our Candidate Privacy Notice, which explains how we collect, use, disclose, and protect personal information about job applicants during the recruitment and hiring process.


Advertised until:
March 26, 2026

