jobgether Lever · Posted 27d ago

Senior Governance, Risk, Compliance (GRC) Analyst

US Full-time

Indexed description

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Governance, Risk, Compliance (GRC) Analyst in the United States.

This role sits at the core of a rapidly scaling security organization responsible for protecting sensitive healthcare data across millions of patients and providers. You will help design and operate a modern, AI-enabled GRC program that supports compliance, risk visibility, and security assurance across a fast-growing healthtech platform. The position spans multiple domains, including audit readiness, third-party risk management, security awareness, and technical risk governance. You will work closely with Security, Privacy, Engineering, Legal, and IT teams to embed compliance into day-to-day operations rather than treating it as a standalone function. The environment is highly collaborative and mission-driven, with a strong emphasis on automation, scalability, and continuous improvement. This is a high-impact opportunity to help shape how compliance is operationalized in a modern digital healthcare company.

Accountabilities:

    • Support audit readiness and ongoing compliance for frameworks such as HITRUST, SOC 2, PCI-DSS, and HIPAA, including evidence collection, control tracking, and remediation coordination.
    • Build and manage the third-party risk management program, including vendor assessments, security questionnaires, SOC/ISO reviews, and risk scoring processes.
    • Design and operate a scalable security awareness program, including training modules, phishing simulations, and compliance tracking.
    • Maintain and enhance the centralized risk register, ensuring risks are properly identified, assessed, tracked, and communicated to stakeholders.
    • Partner with Engineering, Privacy, Legal, and IT teams to integrate compliance requirements into product and operational workflows.
    • Support continuous improvement of GRC processes using automation and AI-enabled tooling.
    • Provide reporting and insights on risk posture, compliance status, and control effectiveness to security leadership.

Requirements:

    • 5+ years of experience in Governance, Risk, Compliance, or security risk management roles.
    • Familiarity with at least two major compliance frameworks such as HITRUST, SOC 2, PCI-DSS, or HIPAA.
    • Experience using modern GRC platforms such as Vanta, Drata, OneTrust, or similar tools.
    • Strong ability to communicate complex compliance and risk concepts to both technical and non-technical audiences.
    • Proven experience building scalable, repeatable compliance and risk processes in fast-paced environments.
    • Strong collaboration skills with cross-functional teams including Engineering, Legal, Privacy, and IT.
    • Interest in leveraging AI and automation to improve GRC operations and efficiency.
    • Healthcare or healthtech experience and familiarity with HIPAA requirements is a plus.

Benefits:

    • Competitive salary ranging from $161,600 to $202,000 USD depending on experience and location.
    • Equity compensation as part of the total rewards package.
    • Comprehensive health, dental, and vision insurance coverage.
    • 401(k) retirement savings plan.
    • Flexible remote work environment with home office support stipend.
    • Paid parental leave (up to 16 weeks for eligible employees).
    • Mental health and therapy reimbursement benefits.
    • Fertility support and family-building benefits.
    • Flexible PTO, paid holidays, and end-of-year company shutdown period.
    • Training, learning, and professional development support.

How Jobgether works: We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.