Senior Manager, Governance Risk & Compliance
Legal
United States
USD 130k-160k / year
About Sound
Founded in 2001 and headquartered in Nashville, TN, Sound Physicians is a nationally respected, physician-led medical group practicing in 400+ hospitals across 45 states. Our team of 4,000+ clinicians and 1,000+ business professionals across the country is united by one mission: to build exceptional clinical partnerships that unlock quality, affordable, dignified care for everyone – no matter who they are or where they live. With physician-led clinical teams and more than two decades of operational expertise, we’ve refined what it takes to consistently deliver exceptional care in hospital medicine, emergency medicine, critical care, anesthesia, and telemedicine.
Why join us?
- A remote-first culture that values flexibility and collaboration
- Opportunities to grow your career while making a real impact
- A team that champions inclusivity, innovation, and excellence
Whether working virtually or onsite at one of our practices, you’ll be part of a purpose-driven organization shaping the future of healthcare.
Sound Physicians offers a competitive benefits package inclusive of the items below, and more:
- Medical insurance, Dental insurance, and Vision insurance
- Health care and dependent care flexible spending account
- 401(k) retirement savings plan with a company match
- Paid time off (PTO) begins accruing immediately upon start date at a rate of 15 days per year, in accordance with Sound's PTO policy
- Ten company-paid holidays per year
About the Role
The Senior Manager, Governance, Risk, and Compliance (GRC) leads the execution of the enterprise information security GRC program and report directly to the CISO. This role translates the CISO’s cybersecurity strategy and risk tolerance into scalable and defined processes, measurable outcomes, and defensible compliance posture. The Senior Manager serves as the primary owner of day to day security risk management, governance, and compliance activities, providing clear risk visibility and enabling informed executive decision making.
Essential Duties and Responsibilities
- GRC Program Execution: Operate and mature the enterprise GRC program aligned to the CISO’s strategy and risk appetite.
- Security Risk Management: Own the security risk lifecycle, including assessments, tracking, remediation, and escalation of material risks to the CISO.
- Governance & Policy: Maintain the security policy framework and translate standards (e.g., NIST CSF, ISO 27001, SOC 2) into actionable control requirements.
- Compliance & Audit: Manage security related compliance activities and audits; maintain evidence and track remediation to closure.
- Third Party Risk: Operate the vendor security risk management program and escalate high risk vendors and systemic issues.
- Metrics & Reporting: Produce concise risk and compliance metrics and dashboards for the CISO and senior leadership.
- Enablement & Leadership: Mentor GRC staff and act as a trusted advisor to Security, IT, Legal, Privacy, and business teams.
- Security Program Direction: Partner with the CISO and Sr. Manager of Security Operations to update the Strategic Information Security Program.
Values
- Persistent: Demonstrates the ability to “keep at it” even when obstacles or challenges are present; returns to the work at hand after a change of course.
- Collaborative: Demonstrates the ability to work well with others to accomplish a goal and get the work done; takes opinions of others into consideration; includes others in the decision-making process
- Trustworthy: Demonstrates a high degree of integrity; keeps confidences; does what they say they will do.
- Resourceful: Proactive willingness to utilize available information and tools to figure things out.
- Strategic thinker: Demonstrates the ability to look at the big picture and proactively develop a plan of action.
Knowledge, Skills, and Abilities
- Strong knowledge of HIPAA Security rule, NIST CSF, ISO 27001, SOC 2, and security risk practices.
- Experience with risk assessments, audits, and control testing.
- Ability to clearly communicate security risk to senior leaders.
- Proven ability to mentor and develop GRC team members and develop working relationships across organizations.
- Broad knowledge of technology and security risks.
Education and Experience
- Bachelor’s degree in Information Security, Cybersecurity, Information Systems, Computer Science, Business Administration, or a related field
- 7+ years of experience in information security GRC or risk management.
- Preferred: CISSP, CISM, CRISC, CISA, or similar certifications. Experience in a CISO led security organization or regulated environment.
Salary Range
This position offers an annual salary range of $130,000-$160,000. Exact salary will depend on the candidate’s experience, education and geographic location. This position is eligible for additional compensation beyond base pay.
Sound Physicians is an Equal Employment Opportunity (EEO) employer and is committed to diversity, equity, and inclusion at the bedside and in our workforce. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by federal, state, or local laws.
This job description reflects the present requirements of the position. As duties and responsibilities change and develop, the job description will be reviewed and subject to amendment.
