About the Role:

Guardant is seeking a Governance, Risk & Compliance (GRC) Lead with 5-10 years of experience to drive the evolution of our Information Security Governance, Risk, and Compliance program. At Guardant, we value innovation over rigid adherence to traditional compliance methods. Our ideal candidate is a forward-thinking, non-dogmatic leader who sees compliance as a business enabler rather than a bottleneck. After gaining experience supporting GRC programs designed or led by others, you are eager to build one that challenges the status quo. This role is designed for someone who is willing to leverage native workplace technology to eliminate manual, repetitive, and performative tasks, allowing the organization to focus on our core mission.

The ideal candidate will have a mastery of compliance frameworks and a passion for streamlining governance processes through automation, modern risk management techniques, and proactive controls. At Guardant, we believe in staying "Connected to the Work," meaning that even in leadership roles, team members are expected to stay hands-on, contributing as engineers or analysts in their field.
If you're looking to redefine GRC, drive efficiency, and integrate security seamlessly into business operations, we'd love to hear from you.

Essential Duties and Responsibilities:

- Develop, maintain, and enhance the security governance, risk, and compliance program, emphasizing automation, right-sized controls, and proactive compliance monitoring, and ensuring alignment with business objectives and regulatory requirements (e.g., HIPAA Security Rule, ISO 27001, GDPR, SOX 404).
- Lead the organization's pursuit of ISO 27001 certification, ensuring compliance and continuous improvement of best practices.
- Drive a culture of accountability through success metrics and goals, tracked through continuous monitoring.
- Develop and maintain security policies, standards, and procedures that align with business goals and regulatory requirements.
- Identify and address governance gaps, ensuring timely implementation of recommendations across business units.
- Implement automated compliance and security controls to continuously monitor security risks, exceptions, testing, and overall compliance.
- Conduct and oversee internal assessments and security control testing, ensuring compliance with regulations and protecting sensitive data.
- Prepare and present risk assessments and remediation plans to leadership, tracking progress toward resolution.
- Partner with Privacy, Compliance, and Regulatory teams to ensure security operations meet regulatory and business needs.
- Establish and maintain a Security Trust Program to support customer engagements, audits, and assessments.
- Act as a trusted advisor to both business and technical teams, ensuring GRC goals align with the overall security strategy.
- Provide insights and recommendations to the CISO on regulatory changes and emerging risks.
- Restructure and streamline the third-party risk management program, ensuring vendors meet security and compliance requirements.
- ID: #53825764
- State: California
- City: Palo Alto, 94303, USA
- Salary: USD TBD
- Job type: Full-time
- Showed: 2025-04-23
- Deadline: 2025-06-22
- Category: Et cetera