Senior Governance, Risk, Compliance (GRC) Analyst

Jobgether · US

Company

Jobgether

Location

US

Type

Full Time

Job Description

Team: Analyst

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Governance, Risk, Compliance (GRC) Analyst in the United States.

This role sits at the core of a rapidly scaling security organization responsible for protecting sensitive healthcare data across millions of patients and providers. You will help design and operate a modern, AI-enabled GRC program that supports compliance, risk visibility, and security assurance across a fast-growing healthtech platform. The position spans multiple domains, including audit readiness, third-party risk management, security awareness, and technical risk governance. You will work closely with Security, Privacy, Engineering, Legal, and IT teams to embed compliance into day-to-day operations rather than treating it as a standalone function. The environment is highly collaborative and mission-driven, with a strong emphasis on automation, scalability, and continuous improvement. This is a high-impact opportunity to help shape how compliance is operationalized in a modern digital healthcare company.

Accountabilities:

  • Support audit readiness and ongoing compliance for frameworks such as HITRUST, SOC 2, PCI-DSS, and HIPAA, including evidence collection, control tracking, and remediation coordination.
  • Build and manage the third-party risk management program, including vendor assessments, security questionnaires, SOC/ISO reviews, and risk scoring processes.
  • Design and operate a scalable security awareness program, including training modules, phishing simulations, and compliance tracking.
  • Maintain and enhance the centralized risk register, ensuring risks are properly identified, assessed, tracked, and communicated to stakeholders.
  • Partner with Engineering, Privacy, Legal, and IT teams to integrate compliance requirements into product and operational workflows.
  • Support continuous improvement of GRC processes using automation and AI-enabled tooling.
  • Provide reporting and insights on risk posture, compliance status, and control effectiveness to security leadership.

Requirements:

  • 5+ years of experience in Governance, Risk, Compliance, or security risk management roles.
  • Familiarity with at least two major compliance frameworks such as HITRUST, SOC 2, PCI-DSS, or HIPAA.
  • Experience using modern GRC platforms such as Vanta, Drata, OneTrust, or similar tools.
  • Strong ability to communicate complex compliance and risk concepts to both technical and non-technical audiences.
  • Proven experience building scalable, repeatable compliance and risk processes in fast-paced environments.
  • Strong collaboration skills with cross-functional teams including Engineering, Legal, Privacy, and IT.
  • Interest in leveraging AI and automation to improve GRC operations and efficiency.
  • Healthcare or healthtech experience and familiarity with HIPAA requirements is a plus.

Benefits:

  • Competitive salary ranging from $161,600 to $202,000 USD depending on experience and location.
  • Equity compensation as part of the total rewards package.
  • Comprehensive health, dental, and vision insurance coverage.
  • 401(k) retirement savings plan.
  • Flexible remote work environment with home office support stipend.
  • Paid parental leave (up to 16 weeks for eligible employees).
  • Mental health and therapy reimbursement benefits.
  • Fertility support and family-building benefits.
  • Flexible PTO, paid holidays, and end-of-year company shutdown period.
  • Training, learning, and professional development support.

Date Posted

05/18/2026
