Head of Governance, Risk and Compliance

About Us

Hippocratic AI has developed a safety-focused Large Language Model (LLM) for healthcare. The company believes that a safe LLM can dramatically improve healthcare accessibility and health outcomes in the world by bringing deep healthcare expertise to every human. No other technology has the potential to have this level of global impact on health.

Why Join Our Team

• Innovative Mission: We are developing a safe, healthcare-focused large language model (LLM) designed to revolutionize health outcomes on a global scale.
• Visionary Leadership: Hippocratic AI was co-founded by CEO Munjal Shah, alongside a group of physicians, hospital administrators, healthcare professionals, and artificial intelligence researchers from leading institutions, including El Camino Health, Johns Hopkins, Stanford, Microsoft, Google, and NVIDIA.
• Strategic Investors: We have raised a total of $278 million in funding, backed by top investors such as Andreessen Horowitz, General Catalyst, Kleiner Perkins, NVIDIA’s NVentures, Premji Invest, SV Angel, and six health systems.
• World-Class Team: Our team is composed of leading experts in healthcare and artificial intelligence, ensuring our technology is safe, effective, and capable of delivering meaningful improvements to healthcare delivery and outcomes.
  
  

For more information, visit www.HippocraticAI.com.

We value in-person teamwork and believe the best ideas happen together. Our team is expected to be in the office five days a week in Palo Alto, CA, unless explicitly noted otherwise in the job description.

About The Role

As Head of GRC at Hippocratic AI, you will oversee the execution and continuous improvement of GRC programs that underpin our product safety, data governance, compliance certification, and risk-management infrastructure. You will ensure that GRC practices scale in lockstep with product and business growth, and that they reflect the company’s mission-critical focus on safety in healthcare AI. You will interface with cross-functional teams (Engineering, Clinical, Legal, Product) and ensure GRC decisions are embedded in operations, not just advisory. This position reports to the CISO.

What You'll Do:

• Develop and own the GRC program roadmap: define goals, deliverables, success criteria, timelines, and key milestones aligned with Hippocratic AI’s strategic objectives (safety, regulatory readiness, trust frameworks).
• Establish and refine frameworks, processes, and best practices for GRC within the company context (healthcare-AI domain).
• Manage portfolio of GRC projects: from operational documentation to remediation items, audit readiness, risk assessments, vendor/third-party governance.
• Collaborate with other program /project managers in InfoSec, Product, and Clinical Ops to align on methodology, reporting, and metrics to prevent silos.
• Design and deliver regular reporting on program health, risk metrics, and compliance status to senior leadership and partner functions.
• Lead remediation tracking: identify, document, escalate, and monitor mitigation efforts across projects and operations.
• Maintain documentation management: templates, document structure, and content governance for GRC artifacts (policies, procedures, controls).
• Support strategic planning for GRC: annual/quarterly planning cycles, resource alignment, cross-functional dependencies.
• Act as an ambassador of the GRC function across the organization: build stakeholder relationships and cultivate a risk-aware culture.
  
  

What You Bring

• You have proven experience (10 years) as a program manager or analyst focused on governance, risk, or compliance—ideally in a regulated environment (healthcare, fintech, SaaS).
• You are capable of leading complex technical programs and driving projects through ambiguity to results.
• You understand security, data governance, and compliance requirements (including healthcare-adjacent risks), and are comfortable translating technical and regulatory concepts into actionable operations.
• You can communicate effectively with technical and non-technical audiences, including senior leaders.
• You hold yourself accountable for delivering high-quality outcomes on schedule in a fast-moving environment.
• You build stakeholder trust, manage competing priorities, and apply sound judgment when multiple routes exist.
• You thrive in cross-functional settings and can represent the GRC team credibly across engineering, clinical, product, and business functions.
  
  

Must Have:

• Technical Bachelor’s degree (or equivalent experience).
• 10 years in a program or project-management role in a GRC, security, or similar domain.
• Demonstrated success leading technical programs and delivering results.
• Strong grasp of governance, risk management, compliance fundamentals (audit controls, internal control frameworks, or equivalent).
• Familiarity with project management tools (e.g., Jira, ServiceNow) and comfortable establishing new processes.
• Strong understanding of security concepts, data governance, vendor risk management, and operations in a regulated/health-adjacent context. (HIPAA, HITRST, SOC 2, ISO, SaMD, and others)
  
  

Nice-to-Have:

• Certifications such as PMP, CRISC, CISA, CISSP, or CISM.
• Experience in a SaaS/Cloud environment, preferably healthcare or life sciences.
• Experience working at a publicly listed company or through external auditors/regulators.
• Familiarity with GRC tooling (e.g., Drata, Vanta, or equivalent compliance automation platforms).
• Be aware of recruitment scams impersonating Hippocratic AI. All recruiting communication will come from @hippocraticai.com email addresses. We will never request payment or sensitive personal information during the hiring process. If anything