Oura is hiring a

Staff, Governance, Risk, Compliance (GRC)

New York, United States
Posted 2 days ago

Job Description

At Oura, our mission is to empower every person to own their inner potential. With our award-winning Oura Ring and app, we help over 2.5 million people turn insights about sleep, activity, and readiness into healthier, more balanced lives. We believe that starts from within — by creating a culture where our team feels supported, included, and inspired to do their best work. Our values guide how we show up for each other and our community every day.

We are looking for a Staff Governance, Risk and Compliance (GRC) professional to join our Security Team. This role will serve as a leader and subject matter expert (SME) driving compliance, risk, and governance initiatives. Working closely with leaders across Security, Privacy, Product, and Engineering, this person will own and mature our security and compliance programs such as SOC 2, HIPAA, ISO27001, ISO27799, HITRUST, NIST 800-171, CMMC, and FedRAMP.

The ideal candidate has a proven track record of leading and scaling compliance frameworks, shaping risk management programs, and partnering with business leaders to align governance with organizational goals.

This is a remote U.S. role with a strong preference for candidates based on the East Coast. We have offices in San Francisco and San Diego for those who prefer hybrid or office settings. Oura employees in other major cities (like Boston and New York) occasionally gather informally at local co-working locations.

What you will do:

  • Program Ownership: Lead strategic GRC initiatives end-to-end, including achieving and maintaining industry certifications (e.g., SOC 2, HITRUST, ISO 27001).
  • Policy & Governance Leadership: Develop, implement, and oversee security and compliance policies; ensure they are embedded into business operations.
  • Cross-Functional Risk Leadership: Partner with Product, Engineering, and Privacy to integrate security and compliance by design into new features, infrastructure, and business processes.
  • Regulatory & Industry Alignment: Anticipate, monitor, and interpret regulatory changes and industry trends; proactively evolve the GRC strategy.
  • Risk Program Leadership: Lead risk assessments and mitigation strategies, ensuring ownership and accountability across teams.
  • Audit & Assurance: Oversee audit readiness and execution, including internal, customer, and third-party assessments.
  • Team Enablement: Mentor peers and drive a culture of compliance and risk awareness across the company.

Requirements

We would love to have you on our team if you have:

  • Experience: 7+ years in GRC, IT compliance, security, or risk management, with demonstrable leadership of cross-functional projects.
  • Compliance Knowledge: Deep expertise in frameworks such as SOC 2, HIPAA, HITRUST, NIST 800-171, ISO27001, ISO27799, CMMC, and FedRAMP.
  • Technical Skills: Familiarity with IT and cloud environments (AWS, GCP), security controls, and compliance automation tooling.
  • Leadership Presence: Ability to influence, communicate, and drive alignment across technical and non-technical stakeholders.
  • Audit & Risk Expertise: Strong background in leading risk assessments, compliance audits, and executive-level reporting.
  • Preferred Certifications: CGRC, CISA, CRISC, CISSP, or equivalent.

Benefits

At Oura, we care about you and your well-being. Everyone here at Oura has a ring of their own and we are continually looking to improve employee health.

What we offer:

  • Competitive salary and equity packages
  • Health, dental, vision insurance, and mental health resources
  • An Oura Ring of your own plus employee discounts for friends & family
  • 20 days of paid time off plus 13 paid holidays plus 8 days of flexible wellness time off
  • Paid sick leave and parental leave

Oura takes a market-based approach to pay, which may vary depending on your location. US locations are categorized into tiers based on a cost of labor index for that geographic area. While most offers will be closer to the starting range, successful candidates' pay will be determined based on job-related skills, experience, qualifications, work location, internal peer equity, and market conditions. These ranges may be modified in the future.

  • Region 1: $149,000 - $186,000 
  • Region 2: $138,000 - $172,000 
  • Region 3: $128,000 - $160,000 

A recruiter can determine your zones/tiers based on your US location.

We are not considering candidates residing in the following states: Alaska (AK), Delaware (DE), Iowa (IA), Mississippi (MS), Missouri (MO), Nebraska (NE), South Dakota (SD), Vermont (VT), West Virginia (WV), and Wisconsin (WI).

Oura is proud to be an equal opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. Individuals seeking employment at Oura are considered without regard to age, ancestry, color, gender (including pregnancy, childbirth, or related medical conditions), gender identity or expression, genetic information, marital status, medical condition, mental or physical disability, national origin, protected family care or medical leave status, race, religion (including beliefs and practices or the absence thereof), sexual orientation, military or veteran status, or any other characteristic protected by federal, state, or local laws. We will not tolerate discrimination or harassment based on any of these characteristics.

We will work to ensure individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

Disclaimer: Beware of fake job offers!
We’ve been alerted to scammers posing as ŌURA recruiters, especially for remote roles. Please note:

  • Our jobs are listed only on the ŌURA Careers page and trusted job boards.
  • We will never ask for personal information like ID or payment for equipment upfront.
  • Official offers are sent through Docusign after a verbal offer, not via text or email.

Stay cautious and protect your personal details.

To all recruitment agencies: Oura does not accept agency resumes. Please do not forward resumes to our jobs alias, Oura employees, or any other organization's location. Oura is not responsible for any fees related to unsolicited resumes.
