Director of GRC & EPMO

Hiring Remotely in United States
Remote
180K-200K Annually
Expert/Leader
Healthtech • Software
Powering what's next in healthcare. Our mission is to make healthcare affordable, accessible, and plentiful.
The Role
The Director of GRC & EPMO leads governance, risk, compliance, and project management strategies, ensuring robust frameworks, oversight of audits, and mentorship of project management staff to achieve business objectives.
Summary Generated by Built In
Description
Job Title: Director of GRC & EPMO
Team: Finance
Job Location: Remote, Up to 25% Travel
About Us: 

Join us in revolutionizing healthcare! We build software that simplifies the process of choosing the right health insurance for individuals. Our solutions help our health plan and government customers with the administration, reporting, and operational requirements of their plans. By tackling the complexities of enrollment, administration, renewal, billing, and more, we enable our customers and partners to concentrate on advancing their core missions.  

Our Company Culture: 

Our culture is built on collaboration, innovation, and appreciation. We value each employee's unique talents and contributions and understand that every individual plays a critical role in our mission to transform healthcare. Every day, we celebrate our team's dedication, creativity, and expertise, which drive us closer to our goals. 

At Softheon, our mission is making healthcare more affordable, accessible, and plentiful for every American. Our vision is that everyone can access and choose the healthcare they need. 

About the Role:  

The Director of Governance, Risk, Compliance and Project Management is a critical, hands-on executive responsible for owning and advancing Softheon’s governance, risk, compliance (GRC), and project portfolio management strategies. This strategic role ensures robust GRC frameworks across the enterprise, aligns compliance with business and regulatory needs, and oversees best-in-class project management practices, driving operational excellence and delivery against ambitious business objectives. 

This leader serves as a center of excellence for GRC, providing mentorship and oversight while also championing project management standards and portfolio execution. The role partners with senior leadership and the Board to ensure that both risk mitigation and project delivery outcomes support Softheon’s growth and mission. 

Please note that the requirements of this role are beyond the 9am - 6pm scope. It is expected that all managers are available to the organization when needed. 

Requirements
You Will: 

Governance, Risk & Compliance (Primary Focus) 

  • Lead the GRC function, developing and implementing enterprise-wide governance, risk management, and compliance frameworks that align with healthcare regulations (HIPAA, HITRUST, CMS, ACA, Medicare, Medicaid, PCI-DSS, SOC, NIST, MARS-E, and others). 
  • Maintain oversight and optimization of GRC platforms and tools (e.g., AuditBoard), driving automation and workflow improvement. 
  • Serve as the subject-matter authority for evolving regulatory requirements, business continuity planning, enterprise risk management, and third-party/vendor risk. 
  • Oversee internal and external audits, responding to client, regulatory, and operational reviews, ensuring timely and effective resolution and communication. 
  • Translate compliance requirements into organizational policies, reporting structures, and training programs that foster a culture of risk awareness and accountability. 

PMO and Project Management Leadership 

  • Establish and manage the Project Management Office as a center of excellence, developing scalable frameworks, standards, and tools supporting a hybrid (Agile, Waterfall, Lean/Six Sigma) methodology environment. 
  • Oversee intake, prioritization, resource allocation, and delivery of the enterprise project portfolio—ensuring projects meet timelines, budgets, and business objectives. 
  • Apply risk-based thinking and GRC insight to project selection, resource planning, and execution, ensuring alignment with overall business strategy. 
  • Mentor and lead project management staff, coach on effective project lifecycle management, risk tracking, and successful delivery practices. 
  • Collaborate with executive sponsors and cross-functional stakeholders to communicate project status, risk mitigation measures, and value delivery transparently and persuasively. 
  • Champion process improvement and innovation leveraging industry best practices and new technologies. 

Leadership, Culture, and Talent Management 

  • Build and lead high-performing, multidisciplinary GRC and PMO teams—providing direct mentorship, fostering talent development, and succession planning. 
  • Promote an inclusive, collaborative, and high-accountability culture that values compliance excellence, continuous learning, and operational agility. 
  • Advise and present to executive leadership and the Board on GRC and project management trends, risk analysis, KPIs, and strategic initiatives. 
  • Engage in recruiting, hiring, and developing staff whose skills align with the company’s mission and values. 

You Have:  

Education 

  • Bachelor’s degree in Business, Law, Risk Management, Healthcare Administration, Computer Science, or related field. 

Experience 

  • 10+ years of progressively responsible experience in governance, risk, compliance, and audit leadership, ideally within healthcare or health tech. 
  • 7+ years of general project management experience, such as leading compliance audits, vendor reviews, BCP plans, etc. 
  • Experience developing and administering GRC technology platforms (preferably AuditBoard) and enterprise project management tools (e.g., PPM, MS Project, SharePoint). 
  • Management experience in regulated industries, collaborating with senior leadership and Boards on risk and project oversight. 

Certifications

Required 

  • Certified Governance, Risk and Compliance Professional (GRCP) 

Preferred 

  • Certified Information Systems Auditor (CISA) 
  • Certified in Risk and Information Systems Control (CRISC) 
  • Agile Certified Practitioner (PMI-ACP) or Certified ScrumMaster (CSM) 
  • Lean Six Sigma Green Belt (or higher) 
  • Project Management Professional (PMP)  
  • Portfolio Management Professional (PfMP) or Program Management Professional (PgMP) 
  • Certified SAFe® Agilist or equivalent Agile framework certification 
  • ITIL Foundation (for significant IT project environments) 
  • Prosci Certified Change Practitioner (or similar change management credential) 

Knowledge 

  • Demonstrated success leading regulatory and client audits, business continuity/disaster recovery programs, and large-scale governance initiatives. 
  • Advanced knowledge of major healthcare regulatory frameworks (HIPAA, HITRUST, CMS, ACA, PCI-DSS, SOC 2, NIST, MARS-E). 
Benefits
What We Offer:  

Softheon offers every full-time employee a comprehensive compensation and benefits package including:  

  • For this position we offer a base pay of $180,000 - $200,000 plus equity (when applicable), variable/incentive compensation, and benefits. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as candidate location, qualifications, skill level, and competencies.  
  • Work-from-home company with a one-time home office stipend 
  • Comprehensive benefits package that includes health, vision and dental coverage for you, your spouse and dependents 
  • Additional benefits, including a monthly wellness stipend and internet stipend, 401K with a match (immediately vested), employee assistance program, disability/life insurance, and parental leave 
  • 15 days to discretionary PTO based on YOS 
  • 9 additional paid holidays 
  • Referral bonuses, discretionary bonus program, spot bonuses and professional development opportunities 

  

*Please note that candidates applying for this position must reside within the United States.  


Eligibility to Work in the U.S.: We are unable to sponsor or assist with visa-related processes. Candidates must have valid work authorization to work in the U.S. without any current or future need for employer sponsorship.      


Join Softheon, and together, we'll shape the future of healthcare in America. 

Are you ready to make a difference? Join us at Softheon and help revolutionize healthcare for all. 


At Softheon, we embrace and celebrate diversity in all its forms as an equal opportunity employer. We strongly believe that employing a diverse workforce is key to our success. Our recruitment and hiring decisions are made solely on the basis of each candidate's qualifications, experience, and skills. We highly appreciate your dedication to our shared mission of making healthcare more affordable, accessible, and plentiful. Join us in our journey towards continually building a diverse and inclusive workplace, where everyone’s contributions are valued, respected, and celebrated.  

Employment with Softheon is at-will, which means either the employee or Softheon may terminate the employment relationship at any time, with or without cause, and with or without notice. Nothing in this job description or in any document or statement shall be construed to constitute a guarantee of employment for a specified period of time.  

Top Skills

AuditBoard
MS Project
PPM
SharePoint

The Company
HQ: Stony Brook, NY
226 Employees
Year Founded: 2000

What We Do

Founded in 2000, Softheon’s Software-as-a-Service (SaaS) and Business Process-as-a-Service (BPaaS) solutions solve complex challenges for health plans and government health agencies. Currently, Softheon’s solutions serve 8 state agencies and 90+ health plans.

Issuers and consumers utilizing Medicaid, Medicare, and the ACA Marketplace benefit from Softheon’s innovative technology that reduces administrative overhead and enhances user experiences.

Softheon is an Agent, Broker, and Merchant of Record that facilitates health insurance enrollment, administration, and renewal.

Why Work With Us

"Work to make a life, not just a living."

We’re committed to providing everything you need to feel welcome, motivated, happy, healthy, and professionally developed. We believe in providing you with all of the tools and resources to remain connected to our vibrant, fast-paced and ever-changing community.
