GRC Manager / Offshore Team Lead
Health Catalyst
Join one of the nation’s leading and most impactful health care performance improvement companies. Over the years, Health Catalyst has achieved and documented clinical, operational, and financial improvements for many of the nation’s leading healthcare organizations. We are also increasingly serving international markets. Our mission is to be the catalyst for massive, measurable, data-informed healthcare improvement through:
Data: integrate data in a flexible, open & scalable platform to power healthcare’s digital transformation
Analytics: deliver analytic applications & services that generate insight on how to measurably improve
Expertise: provide clinical, financial & operational experts who enable & accelerate improvement
Engagement: attract, develop and retain world-class team members by being a best place to work
Reports To
GRC Manager (U.S.)
Location
India (Hyperbad or Punjab)
Position Overview
We are seeking a GRC Manager to lead our offshore Governance, Risk & Compliance team in India. This team consists of Junior Analysts specializing in customer risk assessments, policy and procedure management, and automated evidence collection using the Anecdotes platform. The GRC Manager will provide local leadership, ensure team alignment with organizational goals, and track KPIs for performance. The ideal candidate will have a strong understanding of compliance frameworks (HITRUST, SOC 2, ISO 27001, NIST, RAMP), policy governance, and continuous monitoring processes.
Key Responsibilities
Team Leadership & Operations
- Provide daily leadership, coaching, and oversight for the offshore GRC team.
- Maintain close alignment with the U.S.‑based GRC Manager on priorities, deliverables, and escalations.
- Serve as the local point of contact for workload planning, staffing needs, and performance management.
Hands-On GRC Execution
- Actively participate in day‑to‑day GRC operations—this is a hands-on leadership role.
- Support and review customer security questionnaires and risk assessments.
- Oversee policy and procedure lifecycle management, ensuring accuracy and timely updates.
- Manage evidence collection and mapping across frameworks using Anecdotes or similar platforms.
Quality, Metrics & Continuous Improvement
- Track, analyze, and report on KPIs such as turnaround time, accuracy, volume, and policy review cadence.
- Identify inefficiencies and lead process-improvement initiatives.
- Ensure alignment and compliance with HITRUST, SOC 2, ISO 27001, NIST, and RAMP framework requirements.
- Assist with escalations involving complex customer requests or audit inquiries.
- Maintain documentation for workflows, processes, KPIs, and team performance.
Qualifications
Required
- Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).
- 5+ years of experience in GRC, compliance, or information security roles.
- Strong working knowledge of HITRUST, SOC 2, ISO 27001, NIST, and X‑RAMP frameworks.
- Demonstrated experience leading or mentoring teams.
- Excellent written and verbal communication skills, including cross‑functional collaboration.
- Ability to analyze KPIs and drive measurable improvements.
Preferred Certifications
- CISM (Certified Information Security Manager)
- CISSP (Certified Information Systems Security Professional)
- CISA (Certified Information Systems Auditor)
- CRISC (Certified in Risk and Information Systems Control)
- HITRUST CCSFP (Certified CSF Practitioner)
- ISO 27001 Lead Auditor or Lead Implementer
- CGRC (Certified in Governance, Risk, and Compliance; formerly CAP)
- CCSK or CCSP (Cloud security certifications – bonus)
Preferred Skills
- Experience with GRC automation platforms (Anecdotes or similar).
- Experience working with external assessors or auditors.
- Familiarity with policy management software and audit-reporting tools.
- Understanding of cloud environments, co‑location hosting concepts, and SaaS security principles.
Why Join Us?
- Lead a growing offshore GRC team and shape its success.
- Work with cutting-edge compliance automation tools.
- Collaborate with global teams on strategic governance initiatives.
The above statements describe the general nature and level of work being performed in this job function. They are not intended to be an exhaustive list of all duties, and indeed additional responsibilities may be assigned by Health Catalyst.
Studies show that candidates from underrepresented groups are less likely to apply for roles if they don’t have 100% of the qualifications shown in the job posting. While each of our roles have core requirements, please thoughtfully consider your skills and experience and decide if you are interested in the position. If you feel you may be a good fit for the role, even if you don’t meet all of the qualifications, we hope you will apply. If you feel you are lacking the core requirements for this position, we encourage you to continue exploring our careers page for other roles for which you may be a better fit.
At Health Catalyst, we appreciate the opportunity to benefit from the diverse backgrounds and experiences of others. Because of our deep commitment to respect every individual, Health Catalyst is an equal opportunity employer.