
Director of Governance, Risk, and Compliance
EliseAI · San Francisco, CA
- On site
- Full-time
- $275,000 / year
Job highlights
- Lead and scale GRC programs for housing and healthcare.
- Manage audits, compliance, and third-party risk.
- Build and mentor a high-performing GRC team.
- Influence stakeholders across Security, Legal, and business.
- High-impact role with direct business influence.
About the role
About EliseAI
At EliseAI, we're improving the industries that matter most: housing and healthcare. Everyone needs a place to live and access to quality healthcare, yet both are often harder to secure than they should be.
By integrating AI agents deeply into existing workflows, we make them more efficient, reduce costs, and improve the experience for everyone.
- Housing: We simplify how renters tour apartments, sign leases, submit maintenance requests, and stay connected with their property team—bringing everything they need for their home into one place.
- Healthcare: We make it easy to schedule appointments and complete intake forms, and we help patients communicate with providers, so everyone can focus on health instead of paperwork.
With EliseAI, organizations reduce manual work, improve accessibility, and deliver a seamless experience across essential services. We recently raised a $250 million Series E round led by Andreessen Horowitz to accelerate this mission.
About The Role
We are seeking a Director of Governance, Risk, and Compliance (GRC) to scale our risk and compliance programs. This role will be instrumental in leading and scaling the GRC team to meet regulatory and IT audit readiness, manage third-party risk, and ensure our policies and processes align with industry standards.
You will work cross-functionally with Security Engineering, Legal, and business stakeholders to operationalize compliance efforts, support audits, and manage the GRC team to respond to customer and vendor due diligence requests. This is a high-impact role with direct influence on our ability to meet critical compliance timelines and support the operations of the business.
Key Responsibilities
- Own and lead the company's GRC program, setting strategic direction across frameworks including SOC 1, SOC 2, PCI, HITRUST, and HIPAA
- Serve as the primary owner of audit relationships, overseeing planning, evidence collection, documentation, and auditor communications
- Define and enforce compliance roadmaps, ensuring cross-functional alignment and accountability on regulatory requirements
- Attract top-tier talent to scale the GRC team, providing mentorship, setting priorities, and managing team performance
- Oversee the vendor risk management program, including third-party due diligence, risk tiering, and escalation of critical findings
- Lead reviews of vendor and client security questionnaires (DDQs) in partnership with Security Engineering, with final sign-off authority
- Own the security and compliance policy framework — driving creation, review cycles, and organization-wide adoption
- Partner with Legal and Security leadership on security-related contractual obligations, including review and negotiation of security addenda
Culture & Values
Move at rocket speed, build something massive.
We’re scaling fast, solving real client problems with precision and ambition. Here, you own your impact; full autonomy, no micromanagement, no fluff.
We hire the best, expect the best, and give you the masterclass of your career. It’s hard, it’s intense, and it’s the most rewarding work you’ll ever do. If you’re hungry, driven, and ready to build something massive, climb aboard.
Requirements
- 8+ years of experience in Governance, Risk, and Compliance, Information Security, or a related field, with at least 3 years in a leadership or program ownership role
- Deep expertise across compliance frameworks including SOC 1, SOC 2, PCI, HIPAA, and ISO certifications
- Proven track record managing audit programs end-to-end, including direct relationships with external auditors
- Experience building or scaling a GRC function, including team hiring and development
- Strong understanding of vendor risk management, third-party due diligence, and risk-based decision-making
- Ability to translate complex compliance and risk topics for executive and board-level audiences
- Excellent cross-functional influencing skills — comfortable working with Legal, Engineering, and business leadership
- Willingness to work in person at our office 4-5 days a week
Why Join
Growth and impact. It’s not often that you can get in on the ground floor of a funded (unicorn!) startup that’s scaling so fast. That means that instead of following a playbook, you’ll be writing it. Every single day you will be challenged to identify how we can scale and execute on it. You’ll learn what works when you succeed and what doesn’t when you fail. Either way, the rest of the team will be here to support you.
Benefits
In addition to the growth and impact you’ll have at EliseAI, we offer competitive salaries along with the following benefits:
- Equity in the company
- Medical, Dental and Vision premiums covered at 100%
- Fully paid parental leave
- Commuter benefits
- 401k benefits
- Fitness & home services stipend to cover part of your expenses so you can focus on what matters
- A collaborative in-office environment with an open floor plan, fully stocked kitchen, and all meals covered in the office
- Unlimited vacation and paid holidays
- We'll cover relocation packages and make the move exciting, not painful!
Job Compensation Range
The salary range for this role is $200,000 - $275,000. EliseAI offers a competitive total rewards package which includes base salary, equity, and a comprehensive benefits & perks package. Exact compensation is determined based on a number of factors including experience, skill level, location and qualifications which are assessed during the interview process. Additional details about total compensation and benefits will be provided by our Recruiting Team during the hiring process.
Equal Employment Opportunity
EliseAI provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
Please note that employment with EliseAI is on an "at-will" basis, which means that either the employee or the company may terminate the employment relationship at any time, with or without cause or notice.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at recruiting@eliseai.com.
Key skills/competency
- Governance, Risk, and Compliance (GRC)
- Information Security
- Compliance Frameworks (SOC 1, SOC 2, PCI, HIPAA, ISO)
- Audit Management
- Vendor Risk Management
- Third-Party Due Diligence
- Policy Framework Development
- Cross-functional Collaboration
- Team Leadership and Development
- Risk Assessment and Mitigation
Skills & topics
- Director of Governance, Risk, and Compliance
- GRC
- Information Security
- Compliance
- Risk Management
- IT Audit
- SOC 2
- HIPAA
- PCI DSS
- HITRUST
- Leadership
- Program Management
- Vendor Risk Management
- Third-Party Risk
- Security Policy
- EliseAI
- AI
- PropTech
- HealthTech
- Startup
How to get hired
- Tailor your resume: Highlight your 8+ years in GRC, leadership experience, and expertise in SOC, PCI, HIPAA, and ISO frameworks.
- Showcase audit management skills: Detail your experience with end-to-end audit programs and direct auditor relationships.
- Demonstrate scaling experience: Emphasize your track record in building or scaling GRC functions and managing teams.
- Prepare for culture fit: Be ready to discuss your ability to work cross-functionally and translate complex topics for executives.
- Highlight leadership: Showcase your experience in team hiring, development, and performance management.
Frequently asked questions
- What are the key compliance frameworks EliseAI focuses on for the Director of GRC role?
  EliseAI is seeking a Director of Governance, Risk, and Compliance with deep expertise across multiple frameworks including SOC 1, SOC 2, PCI, HITRUST, and HIPAA. Your experience in these areas will be crucial for success in this role.
- How much experience is required for the Director of Governance, Risk, and Compliance position at EliseAI?
  The Director of Governance, Risk, and Compliance role requires a minimum of 8 years of experience in Governance, Risk, and Compliance, Information Security, or a related field. Additionally, at least 3 of those years must be in a leadership or program ownership capacity.
- What is the salary range for the Director of Governance, Risk, and Compliance at EliseAI?
  The salary range for the Director of Governance, Risk, and Compliance position at EliseAI is between $200,000 and $275,000 annually. This is part of a competitive total rewards package including base salary, equity, and comprehensive benefits.
- Does EliseAI offer remote work for the Director of Governance, Risk, and Compliance role?
  No, the Director of Governance, Risk, and Compliance role requires willingness to work in person at EliseAI's office 4-5 days a week, indicating an on-site or hybrid work arrangement.
- What are the core responsibilities of the Director of Governance, Risk, and Compliance at EliseAI?
  The Director of GRC at EliseAI will own and lead the GRC program, manage audit relationships, define compliance roadmaps, scale the GRC team, oversee vendor risk management, and manage security questionnaires. You'll also partner on security-related contractual obligations.
- What kind of impact can I expect to have as the Director of GRC at EliseAI?
  As the Director of GRC, you will have a high-impact role with direct influence on EliseAI's ability to meet critical compliance timelines and support business operations. You'll be instrumental in scaling risk and compliance programs for a rapidly growing unicorn startup.
- What benefits does EliseAI offer to employees?
  EliseAI offers a comprehensive benefits package including equity, 100% covered medical, dental, and vision premiums, paid parental leave, commuter benefits, 401k, fitness/home services stipend, covered meals in office, unlimited vacation, and relocation packages.