About Us:
Hippocratic AI is developing the first safety-focused Large Language Model (LLM) for healthcare. Our mission is to dramatically improve healthcare accessibility and outcomes by bringing deep healthcare expertise to every person. No other technology has the potential for this level of global impact on health.
Why Join Our Team:
Innovative mission: We are creating a safe, healthcare-focused LLM that can transform health outcomes on a global scale.
Visionary leadership: Hippocratic AI was co-founded by CEO Munjal Shah alongside physicians, hospital administrators, healthcare professionals, and AI researchers from top institutions including El Camino Health, Johns Hopkins, Washington University in St. Louis, Stanford, Google, Meta, Microsoft and NVIDIA.
Strategic investors: Raised $137 million from top investors including General Catalyst, Andreessen Horowitz, Premji Invest, SV Angel, NVentures (Nvidia Venture Capital), and Greycroft.
Team and expertise: We are working with top experts in healthcare and artificial intelligence to ensure the safety and efficacy of our technology.
For more information, visit www.HippocraticAI.com.
We value in-person teamwork and believe the best ideas happen together. Our team is expected to be in the office five days a week in Palo Alto, CA unless explicitly noted otherwise in the job description
About the role:
As the Security GRC and Operations Lead at Hippocratic AI, you'll lead the charge to ensure security compliance across all our product offerings. Your role involves managing a comprehensive information security GRC program, navigating new and existing compliance standards, and building the security operations program to ensure proper oversight for monitoring and data compliance. You will be a member of the security team reporting to the CISO.
Responsibilities:
Work with the CISO and other stakeholders to Identify, assess, and prioritize IT risks, advising stakeholders on appropriate courses of action to mitigate or eliminate risk. Serve as a trusted resource for healthcare-related risk and compliance inquiries.
Implement and maintain relevant legal and regulatory requirements, including SOC2, ISO, HITRUST, HIPAA Privacy & Security, HITRUST and other CMS regulations and guidelines updated by the Federal Government.
Be the leader and central point of contact for ongoing audits. Work across all departments including sales, engineering, devops and clinical teams.
Develop and optimize audit evidence collection and responses for Request for Proposals (RFPs)
Develop targeted training programs to educate staff on patient privacy, data security, and regulatory requirements and foster a culture of compliance and accountability across clinical and administrative teams.
Facilitate a metrics and reporting framework to measure program efficiency and effectiveness, ensuring appropriate resource allocation and increasing security maturity.
Prepare clear, actionable reports for leadership regarding compliance gaps and solutions. Assist in executive reporting, tabletop exercises and Build robust dashboarding and tooling to support the ongoing operational monitoring and detection capabilities.
Qualifications & Skills
Education & Experience
Bachelor’s degree with additional Certifications (e.g., CISM, CHPC, CRISC) preferred.
5+ years in GRC, compliance, or audit, ideally within a healthcare, pharma or payor environment.
Technical & Professional Skills
Familiarity with healthcare regulations and frameworks (HIPAA, HITRUST).
Proven experience in risk assessments, auditing, and compliance reviews.
Strong analytical, problem-solving, and communication skills.
Soft Skills
Startup experience
Detail-oriented with high ethical standards.
Ability to collaborate effectively across clinical, administrative, and technical teams.
Organized and adaptable to shifting priorities in a fast-paced healthcare setting.
Other Attributes:
High personal integrity, ability to handle confidential matters, and demonstrate judgment and maturity.
Initiative, dependability, and ability to work with minimal supervision.