Governance, Risk & Compliance Lead - job 2 of 2

Guardant Health is a leading precision oncology company focused on guarding wellness and giving every person more time free from cancer. Founded in 2012, Guardant is transforming patient care and accelerating new cancer therapies by providing critical insights into what drives disease through its advanced blood and tissue tests, real-world data and AI analytics. Guardant tests help improve outcomes across all stages of care, including screening to find cancer early, monitoring for recurrence in early-stage cancer, and treatment selection for patients with advanced cancer. For more information, visit guardanthealth.com and follow the company on LinkedIn, X (Twitter) and Facebook.

About the Role:

Guardant is seeking a Governance, Risk & Compliance (GRC) Lead with 5-10 years of experience to drive the evolution of our Information Security Governance, Risk, and Compliance program. At Guardant, we value innovation over rigid adherence to traditional compliance methods—our ideal candidate is a forward-thinking, non-dogmatic,  new leader who sees compliance as a business enabler rather than a bottleneck. After gaining experience supporting  GRC programs designed or led by others, you are eager to build one that challenges the status quo.  This role is designed for someone who is willing to leverage native workplace technology to eliminate manual, repetitive, and performative tasks, allowing the organization to focus on our core mission.

The ideal candidate will have a mastery of compliance frameworks and a passion for streamlining governance processes through automation, modern risk management techniques, and proactive controls. At Guardant, we believe in staying "Connected to the Work," meaning that even in leadership roles, team members are expected to stay hands-on—contributing as engineers or analysts in their field. If you're looking to redefine GRC, drive efficiency, and integrate security seamlessly into business operations, we’d love to hear from you.

Essential Duties and Responsibilities:

• Develop, maintain, and enhance the security governance, risk, and compliance program, emphasizing automation, right-sized controls, and proactive compliance monitoring, ensuring alignment with business objectives and regulatory requirements (e.g., HIPAA Security Rule, ISO 27001, GDPR,SOX-404).
• Lead the organization’s pursuit of ISO 27001 certification, ensuring compliance and continuous improvement of best practices.
• Drive a culture of accountability through success metrics and goals through continuous monitoring.

• Develop and maintain security policies, standards, and procedures that align with business goals and regulatory requirements.
• Identify and address governance gaps, ensuring timely implementation of recommendations across business units.
• Implement automated compliance and security controls to continuously monitor security risks, exceptions, testing, and overall compliance.

• Conduct and oversee internal assessments and security control testing, ensuring compliance with regulations and protecting sensitive data.
• Prepare and present risk assessments, and remediation plans to leadership, tracking progress toward resolution.
• Partner with Privacy, Compliance and Regulatory teams to ensure security operations meet regulatory and business needs.
• Establish and maintain a Security Trust Program to support customer engagements, audits, and assessments.

• Act as a trusted advisor to both business and technical teams, ensuring GRC goals align with the overall security strategy.
• Provide insights and recommendations to the CISO on regulatory changes and emerging risks.

• Restructure and streamline the third-party risk management program, ensuring vendors meet security and compliance requirements.

Essential Qualifications:

• 5+ years of experience in Governance, Risk, and Compliance (GRC) or a related field, with at least 2 years in a leadership or program management role.
• Experience in healthcare settings preferred but not required.
• Experience with qualitative risk approaches or the ambition to fast ramp on such approaches.
• Strong knowledge of information security management, governance, and compliance principles, including laws, regulations, and industry standards.

• Deep understanding of regulatory frameworks and industry standards, including:
  • Required: ISO 27001, HIPAA, GDPR, 21 CFR Part 11.
  • Preferred: NIST CSF, NIST SP 800-53 r5, NIST SP 800-30 r1, Secure Controls Framework (SCF).
• Strong familiarity with cybersecurity and cloud security frameworks, experience with the Secure Controls Framework desired but not required.
• Experience with risk management, compliance, resilience, security policy and standards, vendor risk management, security metrics, and security training & awareness.
• Proficiency with Atlassian tools (JIRA, Confluence) for designing projects, dashboards, and dynamic documentation.
• Conceptual understanding of security technologies across both on-premises and cloud infrastructures.
• Certifications (Preferred, but Not Required): CISSP, CISA, CRISC

• Exceptional ability to convey technical and security concepts to diverse stakeholders, including non-technical audiences.
• Skilled in tackling compliance challenges and making informed risk-based decisions.
• Proven ability to establish credibility and build trust across the organization, particularly with engineers, researchers, and G&A functions.
• Sustained capability to stay updated with evolving regulations, industry best practices, and emerging risks.

Hybrid Work Model: At Guardant Health, we have defined days for in-person/onsite collaboration and work-from-home days for individual-focused time. All U.S. employees who live within 50 miles of a Guardant facility will be required to be onsite on Mondays, Tuesdays, and Thursdays. We have found aligning our scheduled in-office days allows our teams to do the best work and creates the focused thinking time our innovative work requires. At Guardant, our work model has created flexibility for better work-life balance while keeping teams connected to advance our science for our patients.

For positions based in Redwood City, CA, the base salary range for this full-time position is $128,000 to $176,000. The range does not include benefits, and if applicable, bonus, commission, or equity.

Within the range, individual pay is determined by work location and additional factors, including, but not limited to, job-related skills, experience, and relevant education or training. If you are selected to move forward, the recruiting team will provide details specific to the factors above.

Employee may be required to lift routine office supplies and use office equipment. Majority of the work is performed in a desk/office environment; however, there may be exposure to high noise levels, fumes, and biohazard material in the laboratory environment. Ability to sit for extended periods of time.

Guardant Health is committed to providing reasonable accommodations in our hiring processes for candidates with disabilities, long-term conditions, mental health conditions, or sincerely held religious beliefs. If you need support, please reach out to [email protected]

Guardant Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

All your information will be kept confidential according to EEO guidelines.

To learn more about the information collected when you apply for a position at Guardant Health, Inc. and how it is used, please review our Privacy Notice for Job Applicants.

Please visit our career page at: http://www.guardanthealth.com/jobs/