Governance, Risk, and Compliance Lead (India)

About the role

We're seeking an experienced GRC Lead to drive Commure's governance, risk, and compliance strategy across our global operations. In this critical leadership role, you will act as the architect of our compliance framework , owning the end-to-end compliance lifecycle - from policy design and risk assessment to audit coordination and organization-wide awareness. As the GRC Lead, you'll work at the intersection of technology, security, and healthcare regulation , ensuring that our products and operations adhere to the highest standards of integrity, data protection, and operational excellence.

Responsibilities

• Compliance & Governance Leadership
• Design, implement, and oversee comprehensive IT compliance and governance programs aligned with HIPAA , GDPR , CCPA , and other data privacy regulations.
• Develop and continuously refine IT security policies, standards, and procedures to balance compliance rigor with operational efficiency.
• Validate and approve IT processes and activities to ensure conformance with regulatory and organizational mandates.
• Act as the primary liaison between internal stakeholders, executive leadership, and external auditors on all compliance-related matters.
• Risk Management & Assessment
• Build and maintain a robust risk management framework to proactively identify, assess, and mitigate IT and operational risks.
• Conduct regular risk assessments , internal audits, and control evaluations to detect vulnerabilities and compliance gaps.
• Perform physical security audits and validate adherence to standards across facilities and third-party locations.
• Audit & Quality Assurance
• Manage internal and external audit processes , ensuring preparedness, accuracy, and timely resolution of findings.
• Conduct periodic compliance inspections across organizational and vendor sites to validate adherence to policies.
• Track, report, and close remediation actions while driving continuous improvement of compliance systems and procedures.
• Training & Advisory
• Design and deliver engaging compliance and security awareness training programs for employees at all levels.
• Serve as a trusted advisor to leadership and business units on compliance strategy, risk mitigation, and program effectiveness.
• Prepare comprehensive compliance reports, dashboards, and presentations for executive stakeholders and the Head of Privacy.
• Investigation & Remediation
• Lead or support internal investigations into compliance violations, data incidents, or policy breaches.
• Develop and implement corrective action plans to address compliance gaps and prevent recurrence.
• Monitor emerging risks and regulatory changes to ensure proactive compliance readiness.
• What You Have
• Required
• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Risk Management , or related discipline (Master's preferred).
• 2+ years of progressive experience in GRC, IT compliance, cybersecurity assurance , or related governance roles.
• Deep expertise in HIPAA , GDPR , CCPA , and IT risk management frameworks such as NIST , ISO 27001 , and SOC 2 .
• Proven experience in internal audits , risk assessments , and implementing compliance programs in complex or regulated environments.
• Demonstrated ability in vendor risk management , third-party audits, and compliance oversight.
• Strong written and verbal communication skills with the ability to simplify complex regulatory concepts for diverse audiences.
• Preferred
• Professional certifications such as:
• CISA (Certified Information Systems Auditor)
• CISM (Certified Information Security Manager)
• CISSP (Certified Information Systems Security Professional)
• ISO 27001 Lead Auditor
• CRISC (Certified in Risk and Information Systems Control)

Benefits

Additional Information

At Commure, we're building the AI Operating System for healthcare, the foundation that defines how care is delivered, documented, and financed. Our platform spans the full care journey: Ambient AI and Dictation eliminating documentation burden at the point of care, intelligent Agents automating patient and revenue workflows, and autonomous RCM processing billions in claims, all on a single AI-native platform integrated with 60+ EHRs. Healthcare carries a $1 trillion administrative burden and we're at the center of transforming it. Today, 500,000+ clinicians across 500+ healthcare organizations nationwide trust Commure to handle $25B+ in annual claims and support over 200 million patient interactions. Our latest $70M raise at a $7B valuation reflects the confidence the market has placed in this mission. Our team works directly alongside clinicians, not through layers of process, which means the gap between what you build and its impact on patient care is immediate. We move fast, deploy daily, and take full ownership from early thinking to production. If you're energized by hard problems, high stakes, and a team that holds itself to a high bar, you'll find your people here. The future of healthcare is being built right now. Come deliver this transformation.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at commure? Share your experience