GRC Analyst

📋 Description

• Support and conduct audits to ensure HIPAA and SOC2 compliance
• Develop, maintain policies and docs
• Prepare audit evidence, findings, and remediation tracking
• Coordinate with external auditors and internal control owners throughout the audit process
• Identify compliance gaps and support risk treatment plans
• Perform risk assessments across systems, applications, and vendors

🎯 Requirements

• 4+ years in GRC, information security, or compliance with hands-on audit and risk management
• Working knowledge of HIPAA, SOC2, and applicable regulatory requirements
• Experience translating regulatory requirements into policies, controls, and evidence
• Strong understanding of risk assessment methodologies, control frameworks, and governance best practices
• Collaborate with technical teams to embed security/privacy in design
• Experience managing audits and working with external auditors

🎁 Benefits

• Competitive total rewards package
• 100% company-paid health insurance for yourself
• 401(k) with company match
• Remote-first environment
• Unlimited PTO
• Inclusive family leave policy