Nonprofit Organization
GRC Lead (Governance, Risk & Compliance)
Description
Human Health Project (HHP) is a holistic health literacy charity. Our mission is to improve the health of the underserved and vulnerable through holistic information, education and advocacy. Our objective is to empower people to manage their own health with improved outcomes and no medical errors. For more information, please visit our website, including our "Shared Patient Information" program page, which includes 50 pages of reports on both our Migraine and Lupus and feedback received from people who reviewed the reports in the section "What Our Members are Saying" (https://tinyurl.com/4c5y3mfa), and our "Healthcare Access Program", which includes short video courses in our Learning Academy (https://tinyurl.com/4xwdz5wh), Patient Advocacy Workshops in Los Angeles (https://tinyurl.com/mryave5x) and in Northern Ireland (https://tinyurl.com/nhj6kp7p), and our Online Peer to Peer Events (https://tinyurl.com/5ddmxuyn).
Volunteer Opportunity | Remote | Human Health Project
DETAILS
Available Times: Weekdays (daytime or evenings)
Time Commitment: A few hours per week
Recurrence: Recurring
Volunteers Needed: 1
Cause Areas: Health & Medicine, Science & Technology
Location: Remote. Volunteer can be anywhere in the world.
Reports to: Chief Information Security Officer (CISO)
THE OPPORTUNITY
HHP is commercializing the Unified Patient Experience (UPE) platform, a digital health tool that carries
personally identifiable information and protected health information from users across three
jurisdictions. Prospective licensees in insurance, health systems, and higher education will require
evidence of a credible compliance program before they sign. The GRC Lead makes that evidence real.
This role sits inside the CISO organization and works directly with the CISO to build and maintain
HHP's compliance posture across five frameworks: HIPAA, GDPR, COPPA, CPRA, and MODPA.
RESPONSIBILITIES
- Maintain a compliance matrix mapping requirements across HIPAA, GDPR, COPPA, CPRA, and MODPA to HHP's data practices and controls
- Own the risk register: document identified risks, assigned mitigations, owners, and remediation status
- Draft and maintain foundational security policies, including data classification, acceptable use, incident response, and breach notification
- Support the CISO in preparing audit evidence and compliance documentation for commercial licensing reviews
- Participate in the Security and Privacy Council, HHP's internal governance body for security and data protection
- Track policy review cycles and flag gaps or expirations
QUALIFICATIONS
Required:
- Demonstrated experience in GRC, compliance, audit, or information security risk management
- Working knowledge of at least two of the five applicable frameworks (HIPAA, GDPR, COPPA, CPRA, MODPA)
- Ability to translate regulatory requirements into practical, organization-specific controls and documentation
- Strong written communication skills; comfort drafting policies and procedures
Preferred:
- Experience in healthcare, health tech, or a regulated industry
- Familiarity with cross-border data transfer requirements under GDPR
- Certifications such as CISM, CISA, CRISC, CIPP/US, or CIPP/E
- Experience supporting commercial licensing or audit readiness in a technology organization
ABOUT HUMAN HEALTH PROJECT
Human Health Project (HHP) is a holistic health literacy charity. Our mission is to improve the health of
the underserved and vulnerable through holistic information, education, and advocacy. Our objective is
to empower people to manage their own health with improved outcomes and no medical errors.
Founded in 2002, HHP operates across the United States, Northern Ireland, and the Republic of
Ireland, serving patients and caregivers worldwide through peer-to-peer programs, a multilingual
Learning Academy, and the Unified Patient Experience (UPE) platform. For more information, visit
ADDITIONAL INFORMATION
This is an unpaid volunteer position. Hours are flexible. All volunteers in the CISO organization are
required to sign HHP's standard volunteer agreement before accessing any HHP systems or
confidential information.
HOW TO APPLY
To apply, please copy/paste the address below in a new tab or window to submit the Pre-Screen Questionnaire and Resume: https://forms.gle/6sefRinUT8wTw7H8A
