Manager, Governance, Risk & Compliance (GRC)

Join Aya Healthcare, winner of multiple Top Workplace awards!

We are seeking a Manager, Governance, Risk & Compliance (GRC) to own and operate our enterprise GRC program with a strong emphasis on compliance automation, scalability, and operational excellence. In this role, you will lead a team of compliance analysts and be accountable for the execution, maturity, and continuous improvement of Aya’s GRC capabilities using ServiceNow GRC / IRM as the system of record.

This is a hands-on leadership opportunity for someone energized by building and scaling modern GRC solutions—moving away from manual, point‑in‑time audit work toward automated, continuously operating GRC capabilities. You’ll work cross‑functionally across Information Security, IT, Legal, Privacy, and Audit to translate regulatory requirements into scalable controls, improve evidence automation and reporting, and deliver clear, actionable insights to leadership.

This role will work PST business hours.

Who We Are:

We’re a $8+ billion, rapidly growing workforce solutions provider in the healthcare industry. We deliver tech-enabled services that help healthcare organizations meet and manage their contingent labor needs. We build and manage tech-enabled marketplaces for national and local healthcare talent and deliver contingent labor management solutions through our proprietary software platform.

At Aya, we’re obsessed with creating exceptional experiences for our clients, clinicians, and employees. In fact, we put employee satisfaction above all else. Our team members are responsible for incomparable customer experience and we know that happy employees are critical to maintaining happy clients. We foster an entrepreneurial, high-energy, low-bureaucracy culture and value innovative thinking and creative problem-solving. We embrace diversity in thought and backgrounds unified by a commitment to high achievement. When you join Aya, you’ll be surrounded by teammates who care about you as an individual and leaders who will help you grow both personally and professionally.

Responsibilities:

• You will report to the VP of Information Security.

• Own the day-to-day operation and continuous improvement of Aya’s enterprise GRC program, with a focus on modernization and scale.

• Serve as the primary owner of ServiceNow GRC / IRM, driving configuration, optimization, and adoption across the organization.

• Design and evolve how regulatory and framework requirements are translated into scalable, automated controls and workflows.

• Lead compliance efforts for SOC 2 and ISO/IEC 27001:2022, including readiness activities, audit execution support, and remediation tracking.

• Establish clear control ownership, traceability, and audit-ready documentation that teams can confidently operate against.

• Champion a compliance automation mindset, improving automated control testing, evidence collection, reporting, and dashboards to reduce manual effort and operational friction.

• Collaborate with ServiceNow platform and engineering partners to ensure GRC solutions are scalable, supportable, and well-integrated.

• Build and use dashboards and metrics to communicate compliance posture, trends, and risk insights to leadership.

• Manage, coach, and develop a team of compliance analysts, setting clear expectations, accountability, and quality standards while supporting career growth.

• Act as a trusted GRC partner across Security, IT, Engineering, Finance, Legal, and Privacy, translating risk and compliance concepts into business‑relevant language that enables action.

• Ex: You will take full ownership in how you achieve your top of funnel metrics, pipeline conversion percentages and hires to help the team achieve our collective hiring goal

Required Qualifications:

• 5+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, or related disciplines.

• 2+ years of hands-on, delivery ownership experience with ServiceNow GRC / IRM, beyond end‑user or evidence‑submission activity. Experience should include administrative or configurator‑level responsibilities such as control and framework mapping, workflow design, automated evidence collection or control testing, and reporting or dashboard creation.

• Demonstrated experience running or materially contributing to a GRC program, with an emphasis on modernization, scalability, and continuous improvement.

• Strong working knowledge of SOC 2 and ISO/IEC 27001:2022.

• Proven experience leading or mentoring compliance analysts, with strong written and verbal communication skills and the ability to influence across teams.

Core Role Criteria:

• GRC Program Ownership: Ability to own outcomes end‑to‑end, not just coordinate audits, while continuously improving program maturity and execution.

• ServiceNow GRC / IRM Depth (Critical): Demonstrated capability to configure and optimize controls, workflows, evidence automation, and dashboards, with the ability to explain design decisions and tradeoffs.

• Compliance Automation Mindset: Track record of replacing manual or spreadsheet‑driven compliance work with system‑driven, scalable workflows.

• People Leadership: Experience managing and developing analysts, building accountability while fostering engagement and growth.

• Cross‑Functional Influence: Ability to translate compliance and risk concepts into clear, business‑relevant language and drive alignment across teams.

• Strategic Orientation: Connects compliance execution to business risk, leadership reporting, and informed decision‑making.

What We Offer:

• Free premium medical, dental, life and vision insurance

• Generous 401(k) match

• Aya also offers other benefits to those that are eligible and where required by applicable law, including reimbursements and discretionary bonuses

• Aya provides paid sick leave in accordance with all applicable state, federal, and local laws. Aya’s general sick leave policy is that employees accrue one hour of paid sick leave for every 30 hours worked. However, to the extent any provisions of the statement above conflict with any applicable paid sick leave laws, the applicable paid sick leave laws are controlling

• Celebrations! We hit our goals and reward ourselves.

• Company-sponsored virtual events, happy hours and team-building activities are always on the horizon — plus, you get a special treat on your birthday!

• Unlimited DTO — we believe in time off!

• Virtual yoga, meditation or boot camp classes offered daily

Compensation: Aya reasonably anticipates the pay scale for this position to be an annual salary of $140,000 to $165,000.

The pay scale for this position may vary if applicant possesses experience outside of what Aya reasonably anticipates for this position. Bonuses are subject to the role and your manager’s discretion.

Aya is an Equal Opportunity Employer (EEO), including Disability / Vets, and welcomes all to apply. Please click here for our EEO policy