Staff Governance, Risk, Compliance (GRC) - Remote

Overview

Oura is looking for a Staff Governance, Risk and Compliance (GRC) professional to lead compliance, risk, and governance initiatives within its Security Team, focusing on key certifications and frameworks.

In Short

• Lead strategic GRC initiatives end-to-end.
• Develop, implement, and oversee security and compliance policies.
• Partner with Product, Engineering, and Privacy for security integration.
• Monitor regulatory changes and evolve GRC strategy.
• Lead risk assessments and mitigation strategies.
• Oversee audit readiness and execution.
• Mentor peers and promote compliance culture.

Requirements

• 7+ years in GRC, IT compliance, security, or risk management.
• Deep expertise in SOC 2, HIPAA, HITRUST, NIST 800-171, ISO27001.
• Familiarity with IT and cloud environments (AWS, GCP).
• Strong background in risk assessments and compliance audits.
• Preferred certifications: CGRC, CISA, CRISC, CISSP.

Benefits

• Competitive salary and equity packages.
• Health, dental, vision insurance, and mental health resources.
• An Oura Ring of your own plus employee discounts.
• 20 days of paid time off plus 13 paid holidays.
• Paid sick leave and parental leave.