Senior Governance, Risk, Compliance (GRC) Analyst
This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Governance, Risk, Compliance (GRC) Analyst in the United States.
This role sits at the core of a rapidly scaling security organization responsible for protecting sensitive healthcare data across millions of patients and providers. You will help design and operate a modern, AI-enabled GRC program that supports compliance, risk visibility, and security assurance across a fast-growing healthtech platform. The position spans multiple domains, including audit readiness, third-party risk management, security awareness, and technical risk governance. You will work closely with Security, Privacy, Engineering, Legal, and IT teams to embed compliance into day-to-day operations rather than treating it as a standalone function. The environment is highly collaborative and mission-driven, with a strong emphasis on automation, scalability, and continuous improvement. This is a high-impact opportunity to help shape how compliance is operationalized in a modern digital healthcare company.
Accountabilities:
- Support audit readiness and ongoing compliance for frameworks such as HITRUST, SOC 2, PCI-DSS, and HIPAA, including evidence collection, control tracking, and remediation coordination.
- Build and manage the third-party risk management program, including vendor assessments, security questionnaires, SOC/ISO reviews, and risk scoring processes.
- Design and operate a scalable security awareness program, including training modules, phishing simulations, and compliance tracking.
- Maintain and enhance the centralized risk register, ensuring risks are properly identified, assessed, tracked, and communicated to stakeholders.
- Partner with Engineering, Privacy, Legal, and IT teams to integrate compliance requirements into product and operational workflows.
- Support continuous improvement of GRC processes using automation and AI-enabled tooling.
- Provide reporting and insights on risk posture, compliance status, and control effectiveness to security leadership.
Requirements:
- 5+ years of experience in Governance, Risk, Compliance, or security risk management roles.
- Familiarity with at least two major compliance frameworks such as HITRUST, SOC 2, PCI-DSS, or HIPAA.
- Experience using modern GRC platforms such as Vanta, Drata, OneTrust, or similar tools.
- Strong ability to communicate complex compliance and risk concepts to both technical and non-technical audiences.
- Proven experience building scalable, repeatable compliance and risk processes in fast-paced environments.
- Strong collaboration skills with cross-functional teams including Engineering, Legal, Privacy, and IT.
- Interest in leveraging AI and automation to improve GRC operations and efficiency.
- Healthcare or healthtech experience and familiarity with HIPAA requirements are a plus.
Benefits:
- Competitive salary ranging from $161,600 to $202,000 USD depending on experience and location.
- Equity compensation as part of the total rewards package.
- Comprehensive health, dental, and vision insurance coverage.
- 401(k) retirement savings plan.
- Flexible remote work environment with home office support stipend.
- Paid parental leave (up to 16 weeks for eligible employees).
- Mental health and therapy reimbursement benefits.
- Fertility support and family-building benefits.
- Flexible PTO, paid holidays, and end-of-year company shutdown period.
- Training, learning, and professional development support.