GRC Manager

About Us:

Function was founded with a singular focus: empower you to live 100 healthy years. We’re doing that by using the best available technology to make sure people don't suffer or die a preventable death. Function has been recognized as one of Fast Company’s Most Innovative Companies of 2024, and is venture-backed by Andreessen Horowitz (a16z). Hundreds of thousands of members have joined Function to take control of their health. We are growing our team and seeking out world-class talent that deeply believes in our mission to positively impact global health, has a relentless bias toward action and a growth mindset. Function fosters a collaborative and dynamic environment, where every day we are building the future.

Role:

As the GRC (Governance, Risk, and Compliance) Manager at Function, you will build and own the programs that ensure our security and privacy practices align with regulatory and customer expectations. You’ll play a critical role in achieving and maintaining HIPAA and SOC 2 compliance, while partnering across the company to implement scalable, risk-aligned controls.This is an ideal role for someone who enjoys translating policies into action, enabling business velocity through good governance, and rolling up their sleeves to build systems that scale.
Key Responsibilities:

• Lead the development and implementation of Function’s HIPAA and SOC 2 compliance programs.
• Create and manage security and privacy policies, risk registers, and control frameworks.
• Drive audit readiness and manage relationships with auditors, partners, and assessors.
• Coordinate cross-functional control owners across IT, Security, and Engineering.
• Implement governance processes such as access reviews, vendor risk assessments, and security awareness training.
• Support incident management procedures, risk assessments, and documentation workflows.
• Leverage automation platforms (e.g. Vanta, Drata) to streamline evidence collection and control monitoring.
• Track and report on compliance KPIs, remediation progress, and control coverage.

Qualifications/Skills:

• 5+ years of experience in GRC, security compliance, or risk management roles.
• Demonstrated ownership of successful SOC 2 and/or HIPAA compliance efforts.
• Strong understanding of security frameworks (e.g. NIST, ISO 27001) and audit processes.
• Detail-oriented with excellent project management and documentation skills.
• Experience working cross-functionally in a fast-paced, high-growth tech environment.
• Comfortable working independently while driving company-wide initiatives.
• CISA, CISM, or similar certifications are a plus.

To be a strong fit, you also need:

• Bias Toward Action: Demonstrated ability to take initiative, make decisions under uncertainty, and move projects forward even in the face of ambiguity. We value individuals who are self-starters and ready to act on opportunities and challenges alike.
• Entrepreneurial Spirit: Strong adaptability to changing business needs with a knack for building and optimizing processes. Your entrepreneurial mindset will be crucial in navigating the dynamic landscape of our industry, ensuring our platform remains competitive and responsive to user needs.
• Communication: Excellent communication skills, capable of explaining complex technical concepts to non-technical stakeholders. Effective communication is vital for cross-functional collaboration and ensuring alignment across our organization.
• Remote Work Adaptability: Comfort with remote work environments, demonstrating the ability to stay productive and connected with the team irrespective of physical location.
• Continuous Improvement: A willingness to question assumptions and a commitment to continuous improvement. Your openness to feedback and dedication to personal and professional growth will contribute significantly to our collective success.

Your dedication to these responsibilities will directly contribute to the success of our platform and the satisfaction of our users. We are looking for a proactive, skilled, and forward-thinking individual to join our team and help shape the future of our services.

Nice-to-Have Skills and Experiences:

While the core competencies are essential, the following qualifications will distinguish exceptional candidates:

• Healthcare Data protection Expertise: experience with healthcare data protection (e.g., HIPAA), red teaming, or security architecture.
• Start-Up Experience: We highly value individuals with start-up experience, especially former founders or early engineering hires. This experience indicates a versatile skill set and an ability to thrive in fast-paced, evolving environments.
• Familiarity with Health Technologies: Knowledge of or experience with popular health technologies, such as Oura, Whoop, Apple Watch, and CGMs (Continuous Glucose Monitors). An interest in or experience with health and wellness technologies suggests a passion for leveraging technology to improve personal and community health outcomes.

Why You'll Love Working With Us:

• Empowerment in Your Role: Revel in the autonomy to work on projects that resonate with your passion and expertise. Thrive in a supportive atmosphere where your independence is cherished, free from the constraints of micromanagement.
• Collaborative and Innovative Culture: Become part of a vibrant community that not only values but thrives on collaboration and innovation. Here, swift execution and the celebration of fresh ideas are the bedrock of our success.

We value our team at Function and offer a competitive salary and benefits package, flexible working hours, and a dynamic work environment where creativity and innovation are encouraged. If you are a highly motivated and experienced individual who is passionate about using technology to improve people’s lives, we would love to hear from you.
Join the Function Health team and become a part of our mission to revolutionize healthcare. Work with us to make a difference in the lives of thousands, ensuring a healthier future for all. Discover more about us and how we're changing the face of healthcare at Function Health.