Sr. GRC Compliance Analyst

Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest most effective care possible. Ro is the only company to offer nationwide telehealth labs and pharmacy services. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient end-to-end healthcare experience spanning from diagnosis to delivery of medication to ongoing care. Since 2017 Ro has helped millions of patients in nearly every single county in the United States including 98% of primary care deserts.

The healthcare system today is not designed to help patients achieve their goals. It’s designed around institutions such as hospitals and insurance companies. A patient centric healthcare system is one that is designed around the goals a patient wants to achieve. We’re building healthcare that puts patients in control provides reactive and proactive care has transparent pricing and process is extremely effective and ridiculously convenient and evolves over time based on patients’ goals.

Ro has been recognized as a Fortune Best Workplace in New York and Health Care for four consecutive years (2021-2024). In 2023 Ro was also named Best Workplace for Parents for the third year in a row. In 2022 Ro was listed as a CNBC Disruptor 50.

The Governance Risk and Compliance Sr. Analyst role will be a core member of Ro’s GRC team. The GRC team enables Ro to manage risk by vigorously assessing our operations against leading compliance frameworks and standing legislation. This individual contributor role will be a key player leading audit readiness program and other key risk initiatives.

What You'll Do:

• Lead Audit Readiness program overseeing and driving  Ro’s audit readiness initiatives for both internal and external audits ensuring full preparation and alignment with compliance requirements.

• Own and maintain the cyber risk register collaborating with risk owners to quantify risks and develop remediation plans.

• Own Ro’s security and privacy policy program.

• Develop and lead a risk and privacy analytics program that provides business context supporting informed decision-making.

• Performing vendor risk assessments.

What You'll Bring To The Team:

• 5 years’ experience working with risk and compliance frameworks (HIPAA NIST HITRUST SOC2 PCI)

• 3 years of demonstrated success in audit readiness activities

• Understanding of digital eCommerce platforms electronic health records (EHR) systems and traditional business-enabling IT services

• Knowledge of cloud computing platforms (e.g. Amazon Web Services Microsoft Azure Google Cloud) and their security and compliance features.

• Experience with automated continuous compliance tools such as Vanta Drata or Tugboat

• Expertise in using Looker (or similar BI tool) to create dashboards generate reports and visualize GRC data for stakeholders with a focus on simplifying complex data into actionable insights.

• Ability to automate data ingestion transformation and reporting processes using scripting languages such as Python or JavaScript particularly for integrating and managing data from APIs.

• Strong analytical and root cause analysis skills

• Demonstrated the ability to operate with fortitude and finesse while navigating compliance topics with stakeholders.

• Kindness and an ability to communicate to all levels of the organization

Bonus Points:

• Strong experience in GRC applications such as OneTrust or Archer

We've Got You Covered:

• Full medical dental and vision insurance + OneMedical membership

• Healthcare and Dependent Care FSA

• 401(k) with company match

• Flexible PTO

• Wellbeing + Learning & Growth reimbursements

• Paid parental leave + Fertility benefits

• Pet insurance

• Student loan refinancing

• Virtual resources for mindfulness counseling and fitness

The target base salary for this position ranges from $133500 to $157500 in addition to a competitive equity and benefits package (as applicable). When determining compensation we analyze and carefully consider several factors including location job-related knowledge skills and experience. These considerations may cause your compensation to vary.

Ro recognizes the power of in-person collaboration while supporting the flexibility to work anywhere in the United States. For our Ro’ers in the tri-state (NY) area you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area you will be able to join in-person collaborations throughout the year (i.e. during team on-sites).

At Ro we believe that our diverse perspectives are our biggest strengths — and that embracing them will create real change in healthcare. As an equal opportunity employer we provide equal opportunity in all aspects of employment including recruiting hiring compensation training and promotion termination and any other terms and conditions of employment without regard to race ethnicity color religion sex sexual orientation gender identity gender expression familial status age disability and/or any other legally protected classification protected by federal state or local law.

See our California Privacy Policy here .