Governance, Risk & Compliance (GRC) Manager
Automate your job search with Sonara.
Submit 10x as many applications with less effort than one manual application.
Reclaim your time by letting our AI handle the grunt work of job searching.
We continuously scan millions of openings to find your top matches.

Job Description
POSITION SUMMARY
As TransMedics continues its global expansion, the Governance, Risk & Compliance (GRC) Manager will lead and execute our cybersecurity and compliance initiatives across enterprise systems, cloud infrastructure, and medical-device operations. This is a hands-on leadership role, responsible for designing, operating, and continuously improving governance, risk, and compliance processes that meet regulatory, customer, and business expectations.
This role serves as a key partner to Information Security, Cloud & Infrastructure, Legal, Quality, and Finance, ensuring TransMedics maintains compliance with frameworks and mandates such as NIST CSF 2.0, NIST 800-171, HIPAA, FDA, GDPR, SOX, C-SCRM, and SEC cybersecurity disclosure requirements. The GRC Manager will combine operational execution with program-level oversight, supporting TransMedics' mission to deliver life-saving innovation with integrity and resilience.
RESPONSIBILITIES
This position is responsible for, but not limited to, the following:
- Regulatory & Framework Expertise: Strong understanding of regulatory compliance in healthcare, medical-device, and technology sectors (HIPAA, FDA, GDPR, C-SCRM, SOX, SEC disclosures). Hands-on experience with NIST CSF 2.0, NIST 800-171, and other compliance frameworks to drive risk management initiatives and ensure audit readiness. Deep knowledge of medical-device cybersecurity expectations (SBOMs, vulnerability handling, patch management).
- Governance, Risk, & Compliance (GRC) Program Management: Design, implement, and continuously improve a comprehensive GRC program aligned with regulatory requirements, internal policies, and industry best practices. Define and prioritize program goals, manage timelines, track compliance metrics, and ensure full compliance with applicable cybersecurity standards.
- Vendor & Third-Party Risk Management: Lead third-party risk assessments and manage the full lifecycle of vendor risk evaluations, tiering, and continuous monitoring. Collaborate with Procurement and Legal to ensure security terms in contracts and assess risks for all third-party vendors (aligned with NIST C-SCRM). Ensure vendors meet cybersecurity requirements, including documentation and compliance controls, and oversee ongoing vendor audits.
- Audit & Control Testing: Coordinate and execute internal and external audits, including SOC reports, vulnerability assessments, and risk assessments to ensure proper controls are in place. Maintain and manage evidence repositories for audit purposes, ensuring all activities and controls are documented in alignment with SOX ITGC requirements and external auditors. Track and manage CAPAs (Corrective and Preventive Actions) and POA&Ms (Plans of Action & Milestones) for audit remediation.
- Risk Assessment & Cyber Risk Register Management: Own and maintain the cyber risk register, conducting risk assessments for technology systems, cloud infrastructure, and medical devices. Identify and prioritize risks, and ensure the timely execution of risk mitigation activities across the organization. Develop, track, and report on Key Risk Indicators (KRIs), working with business and technology teams to address risk exposures.
- Cross-functional Collaboration & Reporting: Collaborate with senior leadership, IT, Legal, Quality, Product Security, and Finance teams to ensure alignment with overall business goals and compliance objectives. Develop and deliver regular risk and compliance reports to executive leadership and board members, summarizing findings, recommendations, and compliance status. Work closely with internal teams to provide governance over incident management, ensuring regulatory requirements are met during any cybersecurity incidents.
- Technology & Tool Proficiency: Proficient in using GRC tools (e.g., ServiceNow GRC, RSA Archer, OneTrust, Drata) for risk management, evidence collection, and compliance tracking. Familiar with audit management tools and document management systems to ensure compliance and audit readiness.
- Perform other TransMedics tasks and duties as assigned/required.
MANAGEMENT RESPONSIBILITIES
- This position will initially not have management responsibilities.
PHYSICAL ATTRIBUTES
- None (standard work environment)
MINIMUM QUALIFICATIONS
- Bachelor's degree in Information Security, IT Management, Business, or related field.
- 6+ years of experience in governance, risk, compliance, audit, or cybersecurity; at least 2 years in a leadership or program-lead role (preferred).
- Deep understanding of NIST CSF 2.0, NIST 800-171, HIPAA, GDPR, FDA, SEC cyber disclosure requirements, and SOX ITGCs.
- Demonstrated experience managing vendor/third-party risk programs and supply-chain cybersecurity risk.
- Proven track record in translating regulatory requirements into operational controls, evidencing audit readiness.
- Strong analytical, organizational, and documentation skills with high attention to detail.
- Excellent cross-functional communication and collaboration skills; ability to interact with technical, business, legal, and executive stakeholders.
- Hands-on mindset: ability to build templates, map controls, pull evidence, and operate tooling as needed.
PREFERRED QUALIFICATIONS
- Professional certifications: CISA, CISM, CRISC, CIPM/CIPT, or HCISPP (willingness to pursue)
- Experience in a regulated healthcare, medical-device, or life-sciences environment.
- Familiarity with GRC platforms/tools (ServiceNow GRC/IRM, RSA Archer, OneTrust, Drata) and audit evidence-management workflows.
- Experience developing executive/board-level cybersecurity and compliance reports and metrics.
Every Organ Wasted is a Life Not Saved.
TransMedics, Inc. is a commercial-stage medical technology company transforming organ transplant therapy for patients worldwide. Our mission is to help save more patients' lives by increasing access to viable donor organs for those who are awaiting an organ transplant. To accomplish this mission, we partner closely with transplant stakeholders worldwide and help expand their access to healthy donor organs, while delivering the highest quality technology, service, clinical care and outcomes.
Driven by a passion for improving patient care, we make the impossible possible and keep our employees at the center of everything we do. Together, we strive to enhance the quality of life for transplant recipients and their families, fostering hope and healing in the journey toward better health.
Maximize your potential at TransMedics, Inc.
www.TransMedics.com
Employee Benefits:
- Medical with Health Reimbursement Account through Blue Cross/Blue Shield of MA
- Dental
- Vision
- Healthcare Flexible Spending Account
- Dependent Care Flexible Spending Account
- Short Term Disability
- Long Term Disability
- 401K Plan
- Pet insurance
- Employee Stock Purchase Plan
TransMedics is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, marital status, age, disability or protected veteran status, or any other characteristic protected by law. We are committed to creating an inclusive environment for all employees.