Staff, Governance, Risk, Compliance (GRC), Oura, NY, US

Job Description

At Oura, our mission is to empower every person to own their inner potential. With our award-winning Oura Ring and app, we help over 2.5 million people turn insights about sleep, activity, and readiness into healthier, more balanced lives. We believe that starts from within — by creating a culture where our team feels supported, included, and inspired to do their best work. Our values guide how we show up for each other and our community every day.

We are looking for a Staff Governance, Risk and Compliance (GRC) professional to join our Security Team. This role will serve as a leader and subject matter expert (SME) driving compliance, risk, and governance initiatives. Working closely with leaders across Security, Privacy, Product, and Engineering, this person will own and mature our security and compliance programs such as SOC 2, HIPAA, ISO 27001, ISO 27799, HITRUST, NIST 800-171, CMMC, and FedRAMP.

The ideal candidate has a proven track record of leading and scaling compliance frameworks, shaping risk management programs, and partnering with business leaders to align governance with organizational goals.

This is a remote U.S. role with a strong preference for candidates based on the East Coast. We have offices in San Francisco and San Diego for those who prefer hybrid or office settings. Oura employees in other major cities (like Boston and New York) occasionally gather informally at local co-working locations.

What you will do:

  • Program Ownership: Lead strategic GRC initiatives end-to-end, including achieving and maintaining industry certifications (e.g., SOC 2, HITRUST, ISO 27001).
  • Policy & Governance Leadership: Develop, implement, and oversee security and compliance policies; ensure they are embedded into business operations.
  • Cross-Functional Risk Leadership: Partner with Product, Engineering, and Privacy to integrate security and compliance by design into new features, infrastructure, and business processes.
  • Regulatory & Industry Alignment: Anticipate, monitor, and interpret regulatory changes and industry trends; proactively evolve the GRC strategy.
  • Risk Program Leadership: Lead risk assessments and mitigation strategies, ensuring ownership and accountability across teams.
  • Audit & Assurance: Oversee audit readiness and execution, including internal, customer, and third-party assessments.
  • Team Enablement: Mentor peers and drive a culture of compliance and risk awareness across the company.