Garnerhealth

Senior GRC Analyst

other · full-time · Remote
SALARY: Not listed
WORK TYPE: hybrid
JOB TYPE: full-time
INDUSTRY: healthcare

About the role:

We are looking for a Senior GRC Analyst to join our Technical Compliance team to ensure Garner’s compliance posture across security frameworks such as ISO 27001, SOC 2, HITRUST, and HIPAA. As a Senior GRC Analyst, you will run our internal audits, guide our external assessments, and partner with teams across Engineering, Product, People, and Legal so that our controls are designed well, operating effectively, and continuously improving. Our Technical Compliance team safeguards Garner’s sensitive healthcare data and protects the trust of our members, clients, and partners by maintaining a strong control environment and regulatory compliance. The work you do here has a direct impact on our ability to win and retain enterprise customers, expand into new lines of business, and scale securely as we grow.

Where you will work:

This role is open to remote candidates across the U.S. For candidates based in New York City, the position follows a hybrid schedule with in-office work required Tuesday, Wednesday, and Thursday each week.

What you will do:

  • Manage and support our compliance certifications, including SOC 2, HITRUST, and ISO 27001 audits, and run control testing across the audit lifecycle
  • Serve as the subject matter expert across the company on our compliance frameworks
  • Serve as the primary point of contact for external auditors and assessors
  • Manage Garner’s Security and Privacy trust center
  • Maintain the risk register and drive risk identification, scoring, and reporting
  • Manage the maintenance of our compliance policies, standards, and procedures
  • Report on our compliance posture to senior leadership
  • Scale our GRC function with AI and automation, building quick wins and scoping requirements for Engineering to fully automate the rest

The ideal candidate has:

  • 5+ years of experience in GRC, IT audit, or information security compliance
  • Prior experience with HITRUST, SOC 2, and ISO 27001 audits
  • Hands-on experience with control design, evidence collection, and remediation in a cloud-native engineering environment
  • Proven ability to adapt your communication style across engineers, operators, and executives
  • A GRC Engineering mindset with prior experience using scripting and LLMs to automate repetitive tasks
  • Industry certifications such as CISA, CISM, CISSP, CRISC, or ISO 27001 Lead Auditor preferred
  • A desire to be a part of a high-performing, mission-driven team that operates with intense urgency, a strong sense of individual accountability, and a commitment to authentic feedback

Technologies we use:

  • AWS, Okta, Datadog, Retool, GitLab, Vanta