John Attia
@johnattia
GRC product executive building AI-enabled SaaS that modernizes regulated workflows with measurable outcomes.
What I'm looking for
I’m an executive product and technology leader with 10+ years across GRC, enterprise risk, security, compliance, and configurable SaaS platforms. I build AI-enabled products that make complex regulated workflows faster, more explainable, and more auditable—translating ambiguous regulatory and operational requirements into scalable systems and quantified risk intelligence.
Most recently, I owned product vision and roadmap for an AI-enabled GRC SaaS platform, aligning strategy with market demand, engineering capacity, and customer needs. At CENCORA, I led product management and compliance IT across 20+ business units, consolidated fragmented GRC capabilities into a configurable SaaS platform, and retired 7+ legacy systems—delivering $3M+ in tooling savings while scaling electronic, auditable workflows to 40 countries and ~50,000 users. I also conceived and led CLEAR-T, an AI-assisted controlled language framework that improved consistency and reduced external translation footprint by ~80%, generating roughly $2M in savings, and helped embed sanctions and ABAC risk signals into the central GRC platform through an enterprise anti-bribery and anti-corruption program. Earlier, as a GRCSecurityEngineer and Senior Governance, Risk, and Compliance Consultant, I built end-to-end third-party risk and vulnerability-management workflows in Archer/Qualys, applied FAIR risk quantification, and supported ISO 27001, HIPAA, NIST CSF, and PCI-DSS readiness for regulated organizations.
Experience
Work history, roles, and key accomplishments
Head of Product, GRC
Compyl
Mar 2026 - May 2026 (2 months)
Owned product vision and roadmap for an AI-enabled GRC SaaS platform and aligned strategy with market demand, engineering capacity, and customer needs. Delivered a major product release within two months and introduced agentic competitive-intelligence workflows.
Led product management and compliance IT for a global healthcare and logistics environment, supporting 20+ business units across compliance, regulatory, and enterprise risk workflows. Consolidated GRC capabilities into a configurable SaaS platform, delivered $3M+ tooling savings, and built CLEAR-T plus an ABAC-enabled anti-bribery/anti-corruption program.
GRC Security Engineer
Aqua / Essential Utilities
Apr 2020 - Jul 2021 (1 year 3 months)
Designed and implemented an end-to-end third-party risk process in Archer IRM, integrating vendor risk evaluation into governance workflows. Built vulnerability-management integration between Qualys and RSA Archer and led remediation for 100+ high-severity vulnerabilities.
Senior Governance, Risk & Compliance
Security Risk Advisors
May 2016 - Apr 2020 (3 years 11 months)
Built vulnerability metrics and Archer applications to track issues and remediation across large enterprise environments. Facilitated FAIR risk-quantification workshops and mapped ISO 27001, HIPAA, NIST CSF, and supported PCI-DSS assessments and QSA audit activities for regulated clients.
Education
Degrees, certifications, and relevant coursework
John hasn't added their education
Don't worry, there are 90k+ talented remote workers on Himalayas
Availability
Location
Authorized to work in
Job categories
Skills
Interested in hiring John?
You can contact John and 90k+ other talented remote workers on Himalayas.
Message JohnGet matched with your dream remote job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
