×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security IT Project Manager Data Security

Head of Technology Governance Risk Compliance; GRC Hybrid - San Diego, CA or Acton, MA

Job in Acton, Middlesex County, Massachusetts, 01720, USA
Listing for: Insulet Corporation
Full Time position
Listed on 2025-12-02
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Project Manager, Data Security
Job Description & How to Apply Below
Position: Head of Technology Governance Risk Compliance (GRC) - (Hybrid - San Diego, CA or Acton, MA)

Head of Technology Governance Risk Compliance (GRC) — Hybrid (San Diego, CA or Acton, MA)

The Head of Technology (GRC) reports directly to the Chief Information Security Officer and leads an enterprise-wide function encompassing Information Security, Governance, Technology Risk, and Compliance (GRC). This role builds the organization’s technology risk, compliance, and resiliency strategy, proactively identifying and mitigating risks, and ensuring alignment with external auditors, regulators, and legal teams. The leader chairs the cross‑functional Technology Risk Committee and presents, alongside the CISO, to the Executive Leadership Team (ELT) and Board of Directors on compliance/regulatory status, governance, and technology risk posture.

Responsibilities

Governance & Policy Leadership
  • Set the strategic direction of the Technology GRC organization and oversee the team that designs, implements, and maintains the IT GRC framework, including policies, standards, and controls aligned with business objectives and risk appetite.
  • Oversee and set the roadmap for the Information Security Management System (ISMS), ensuring alignment with ISO 27001 and other relevant frameworks.
  • Oversee self‑assessments, escalating decisions and decisions per requirements to drive risk reduction.
  • Govern the Business Continuity Management Program and lead risk quantification efforts.
Risk Management
  • Design and implement a robust Three‑Lines‑of‑Defense (3

    LOD) framework, delineating roles and responsibilities across business units, risk management, and internal audit.
  • Lead risk assessment activities, integrating findings into the Risk Register or the Enterprise Risk Management (ERM) program.
  • Maintain and report on the risk register, risk treatment plans, and mitigation strategies.
  • Provide actionable, data‑driven insights to executive leadership and the Board on risk posture and emerging threats.
Regulatory Compliance & Audit
  • Ensure compliance with HIPAA, HITECH, FDA cybersecurity guidance, SOX, GDPR, CMMC, and other applicable regulations.
  • Oversee internal and external audits, including SOC 2, ISO 27001, and HITRUST certifications.
  • Serve as the primary liaison to auditors, regulators, and legal teams on cybersecurity compliance matters.
Third‑Party & Supply Chain Risk
  • Lead the third‑party risk management program, including vendor due diligence, contract reviews, and continuous monitoring.
  • Ensure supply‑chain security practices meet regulatory and industry expectations, including FDA and SEC guidance.
Security Awareness & Culture
  • Oversee enterprise‑wide security awareness and training programs, including phishing simulations and compliance education.
  • Foster a culture of risk awareness and accountability across all levels of the organization.
Incident Response & Resilience
  • Govern the enterprise cyber incident response plan, including tabletop exercises and business continuity planning.
  • Ensure readiness for ransomware, data breaches, and other high‑impact events.
  • Lead the development of an enterprise‑wide Business Continuity Program (BCP), ensuring readiness for operational disruptions.
Metrics & Reporting
  • Define and track key performance indicators (KPIs/KRIs) and metrics for risk, quantification, compliance, and control effectiveness.
  • Deliver quarterly board updates, annual program reviews, and ad‑hoc reports on incidents, audits, and compliance status.
Strategic & External Engagement
  • Represent the organization in industry forums (e.g., H‑ISAC), regulatory discussions, and peer collaborations.
  • Stay ahead of emerging technologies (e.g., AI, IoMT, cloud) and evolving regulatory landscapes to inform GRC strategy.
  • Develop budgets and resource requirements for direct reporting teams.
  • Participate in the development of team strategic plans, annual goal and delivery plans, and quarterly and monthly updates and retrospectives.
Required Leadership/Interpersonal Skills & Behaviors
  • Proven executive leader with a track record of building and scaling high‑performing, cross‑functional teams in complex, regulated environments.
  • Demonstrated ability to influence across the enterprise, including ELT and Board‑level stakeholders, to drive alignment and accountability for…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search