Xenter Careers

Governance, Risk & Compliance Lead

About Xenter

Xenter is advancing a new generation of medical technologies—from diagnostic tools that help identify conditions earlier to procedural innovations designed to support more cost-effective treatment options across a broad patient population. By improving how conditions are identified and how procedures are performed, Xenter provides clinicians with real-time insight to support more precise and consistent decision-making. These products are designed with a strong focus on data, validation, and continuous improvement.


Building on this foundation, Xenter is developing a connected clinical intelligence platform that captures and organizes data across procedures and care settings. This platform enables health systems to expand access to advanced diagnostic tools while helping address barriers to care. Over time, this approach is designed to support more efficient care delivery and lower the total cost of care—creating value for providers, health systems, and patients.


At Xenter, you'll join an entrepreneurial team where innovation moves quickly, ideas become reality, and every employee has the opportunity to help shape technologies with the potential to change healthcare worldwide. You'll work alongside industry leaders, influence the direction of a rapidly growing company, and help bring breakthrough technologies from concept to commercialization.

We are hiring a GRC Lead, reporting to our Chief Risk and Information Security Officer (CRISO), to own security, compliance, and privacy assurance across the company. You will work hand in hand with our privacy, security, and compliance legal counsel to build a program that operates within the confines of the regulatory requirements governing our products and data. You will build our governance, risk, and compliance program from the ground up and carry us to certification against HITRUST CSF, ISO/IEC 27001, SOC 2 Type II, and ISO/IEC 42001, while keeping us aligned with HIPAA, FDA cybersecurity expectations, and applicable privacy regulations.

This is a hands-on role first and a leadership role second. In year one you will personally write policies, run risk assessments, gather evidence, and sit across the table from auditors. As the program and the company scale, you will hire and lead the GRC team that grows around you.

What You’ll Do

      Own the certification roadmap — define and execute the path to HITRUST CSF, ISO/IEC 27001, SOC 2 Type II, and ISO/IEC 42001, including readiness assessments, gap remediation, and external audit management.

      Build a unified control framework — maintain a single control set mapped across HITRUST, ISO 27001/27701, SOC 2, HIPAA, FDA premarket and postmarket cybersecurity guidance, and state and international privacy laws, so evidence is collected once and reused everywhere.

      Design scalable controls — favor controls that enable velocity rather than create friction, scale with company growth, and reduce audit burden through automation and evidence reuse.

      Partner with legal counsel — build the program alongside our privacy, security, and compliance legal counsel, ensuring policies, controls, and practices stay within the confines of the regulatory requirements that apply to us.

      Run the risk program — stand up enterprise risk management: risk register, risk treatment, third-party and vendor risk, and product security risk in partnership with quality and regulatory teams.

      Write and operationalize policies — author the policy library, select and administer compliance automation tooling, and drive continuous control monitoring and evidence collection.

      Secure a diverse technology footprint — partner with engineering across very different surfaces: cloud infrastructure, a consumer mobile app, silicone manufacturing operations, and edge computing hardware living on hospital networks.

      Be the face of trust to hospitals — lead responses to hospital security reviews, customer security questionnaires, MDS2 forms, and BAA negotiations; make it easy for health systems to say yes to Xenter.

      Lead privacy — own HIPAA compliance, GDPR, CCPA and other state privacy law obligations for our consumer app, data mapping, and privacy impact assessments.

      Govern AI responsibly — establish AI governance under ISO/IEC 42001 in partnership with our data science and product teams as AI capabilities ship in our products.

      Build the human layer — run security awareness training, incident response exercises, and business continuity and disaster recovery planning and testing.

      Scale the team — define the GRC hiring plan, recruit and mentor analysts and managers, and report program health, risk posture, and certification progress to executive leadership.

What You Bring

      7+ years in information security, compliance, or GRC, with 3+ years leading framework implementations end to end — not just maintaining programs someone else built.

      You have taken an organization through first-time HITRUST CSF certification and/or ISO 27001 certification, plus SOC 2 Type II; working familiarity with ISO/IEC 42001 or a strong point of view on AI governance.

      Healthcare or medical device industry experience strongly preferred, including HIPAA, FDA cybersecurity guidance (e.g., Section 524B premarket requirements), and the realities of hospital IT security review.

      Comfort operating across cloud (AWS/Azure), mobile, embedded and edge devices, and manufacturing environments — you can hold a credible conversation with each of those engineering teams.

      A track record of being an early or first GRC hire: building from zero, staying hands-on, then hiring and leading a team as the company grows.

      Clear, confident communication with executives, auditors, engineers, and hospital CISOs alike.

Certifications

One or more of the following (or equivalent) is a strong plus: CISSP, CISM, CISA, CRISC, HITRUST CCSFP, ISO/IEC 27001 Lead Implementer or Lead Auditor, CGRC, CCSP/CCSK, CIPP or CIPM.

Location

This role is based full-time in our Draper, Utah office. We build physical products alongside the teams that design, manufacture, and support them, and this role works best shoulder to shoulder with those teams.

Research & Development

Draper, UT

Teilen auf:

NutzungsbedingungenDatenschutzCookiesPowered by Rippling