Governance, Risk, and Compliance Officer (Part-Time)

FreedSan Francisco, California

Apply with Sonara

Automate your job search with Sonara.

Submit 10x as many applications with less effort than one manual application.¹

Reclaim your time by letting our AI handle the grunt work of job searching.

We continuously scan millions of openings to find your top matches.

Overview

Schedule

Part-time

Career level

Senior-level

Remote

Hybrid remote

Benefits

Health Insurance

Dental Insurance

Vision Insurance

Job Description

ABOUT FREED:

Doctors are overworked, burnt out, and are quitting in masses.

At Freed, we combine clinician love with the latest AI tech and intense execution to create products that make clinicians happier.

Our first product is an AI scribe that automates medical documentation.

Since May of 2023, we have:

Acquired 26,000 paying and loving clinicians
Generated 100,000 patient notes daily and over 3 million monthly
Made thousands of clinicians happier

With the backing of Sequoia Capital and other world-class VC’s, we are rapidly expanding our product offering. Patient-facing assistants, patient insights, EHR integrations, and other products are being built and used by thousands of clinicians every day.

We are looking for entrepreneurs. Fast, ambitious, and smart individuals who want to take care of the people who care for our health. Expect intense, clinician-focused, and interesting co-workers who want to win.

With an office in San Francisco, we embrace a hybrid schedule that brings out the best in teamwork and innovation. Our teams come together in person three days a week to collaborate, connect, and have a little fun along the way.

ABOUT THE ROLE:

We are hiring a Fractional GRC Manager (part-time, ~20 hrs/week) to build and own our compliance function.

Freed operates in a highly regulated environment (SOC 2 Type 2, HIPAA) with PHI flowing across 150+ vendors. Today, compliance work is fragmented across senior leaders, creating inefficiencies, audit friction, and product delays.

This role will act as the single accountable owner for Governance, Risk, and Compliance, responsible for maintaining audit readiness, unblocking product and vendor workflows, and reducing the compliance burden on engineering and leadership.

This is a hands-on, embedded operator role - not advisory. You will work closely with Finance, Engineering, Infrastructure, Legal, and GTM teams.

HOW YOU'LL HAVE IMPACT:

Audit & Certification Ownership
- Own SOC 2 and HIPAA programs end-to-end
- Manage auditor relationships and streamline evidence collection
- Maintain continuous audit readiness via Drata
- Improve audit efficiency
Vendor Compliance & Risk Management
- Own vendor compliance intake (BAAs, DPAs, security reviews)
- Build and maintain a centralized vendor registry with PHI exposure mapping
- Establish fast, repeatable onboarding processes
- Partner with Engineering on vendor security assessments

Policy & Governance
- Audit and remediate ~30 existing policies with outdated ownership structures
- Replace “phantom roles” (e.g., Security Officer) with real owners
- Establish a meaningful policy review cadence
- Draft new policies (data retention, vendor management, access controls)

Compliance Operations
- Own and operate Drata (controls, evidence, personnel tasks)
- Manage Trust Center accuracy and external posture
- Handle customer security questionnaires
- Support Sales with compliance documentation for enterprise deals

Risk & Incident Support
- Document PHI data flows and system boundaries
- Support incident response from a compliance perspective
- Stay current on HIPAA and regulatory developments

WHAT YOU WILL BRING:

5+ years in GRC, security compliance, or related roles (startup experience strongly preferred)
Deep experience with SOC 2 and HIPAA (hands-on ownership, not advisory)
Strong familiarity with vendor risk management, BAAs, DPAs, and audits
Experience with tools like Drata or similar compliance platforms
Ability to operate independently in a fractional, high-ownership role
Strong judgment - able to make pragmatic tradeoffs, not over-engineer

NICE TO HAVES:

Exposure to HITRUST or ISO 27001 frameworks
Experience working cross-functionally with Engineering and GTM teams
Background in scaling compliance functions from early-stage

WHAT WE WILL BRING:

Competitive salary and equity in a high-growth company
Opportunity to make an immediate impact
Medical, dental, and vision coverage
Unlimited paid time off
Company-sponsored annual retreats
401(k) plan to support your long-term financial goals
Commuter stipend for San Francisco-based employees

Automate your job search with Sonara.

Submit 10x as many applications with less effort than one manual application.

Apply with Sonara Apply manually

FAQs About Governance, Risk, and Compliance Officer (Part-Time) Jobs at Freed

What is the work location for this position at Freed?

This job at Freed is located in San Francisco, California, according to the details provided by the employer. Some roles may also include multiple work locations depending on the requirement.

What pay range can candidates expect for this role at Freed?

Employer has not shared pay details for this role.

What employment applies to this position at Freed?

Freed lists this role as a Part-time position.

What experience level is required for this role at Freed?

Freed is looking for a candidate with "Senior-level" experience level.

What benefits are offered by Freed for this role?

Freed offers following benefits: Health Insurance, Dental Insurance, Vision Insurance, Flexible/Unlimited PTO, 401k Matching/Retirement Savings, and Health & Wellness Programs for this position. Actual benefits may vary depending on the employer's policies and employment terms.

What is the process to apply for this position at Freed?

You can apply for this role at Freed either through Sonara's automated application system, which helps you submit applications 10X faster with minimal effort, or by applying manually using the direct link on the job page.