Governance, Risk, and Compliance Analyst

SWORD Health Logo

SWORD Health

πŸ“Remote - United Kingdom, Portugal

Summary

Join Sword Health as a GRC Analyst and play a pivotal role in ensuring compliance with complex regulatory frameworks. You will lead compliance initiatives like SOC 2 and ISO 27001, conduct audits, improve risk management, and mentor junior team members. This role requires 5+ years of experience in information security and leading complex frameworks. Sword Health offers a variety of benefits, including comprehensive health insurance, equity shares, PTO, parental leave, and flexible working hours. The company is remote-first and values a culture of continuous learning and improvement. This is an opportunity to make a significant impact on a massive scale within a growing, mission-driven organization.

Requirements

  • 5+ years of hands-on experience in Information Security certifications with proven success leading complex frameworks like SOC 2, ISO 27001, PCI-DSS, and HITRUST independently
  • Demonstrated experience in conducting and leading audits and maintaining compliance in highly regulated and complex environments such as Healthcare and AI
  • Excellent communication and leadership skills, with a demonstrated ability to mentor junior team members and communicate compliance requirements effectively to non-technical audiences
  • Strong analytical and problem-solving skills, with a proactive calculated approach to mitigating compliance risks
  • Self-starter approach with the ability to operate with minimal supervision

Responsibilities

  • Lead the implementation and maintenance of key compliance frameworks such as SOC 2, ISO 27001, HITRUST, and PCI-DSS
  • Work closely with the Director of Risk and Compliance to continuously improve Sword’s GRC programs, driving initiatives to meet high compliance standards across Healthcare and AI
  • Take full ownership of specific compliance certifications and audits, ensuring timely and effective execution
  • Mentor and support junior team members, fostering a culture of continuous learning and improvement in the compliance function
  • Conduct comprehensive risk assessments, including third-party vendor risk management, and propose strategies to mitigate identified risks
  • Spearhead internal and external audits for current and future compliance initiatives, ensuring accurate and efficient audit preparation and follow-up
  • Develop and enhance processes related to security questionnaires, client security assessments, and compliance training at all organizational levels

Preferred Qualifications

  • A strategic mindset with the ability to identify process improvements and drive compliance initiatives across multiple teams
  • Strong track record of implementing and/or improving Risk Management Programs, including third-party risk management
  • Experience with FedRAMP or similar government-focused compliance frameworks
  • Practical knowledge of security practices, including Penetration Testing, DevSecOps, or other hands-on security skills that can enhance compliance work
  • In-depth knowledge of relevant laws, regulations, and security standards, particularly in the healthcare sector
  • Previous experience in a healthcare startup
  • Demonstrated ability to balance long-term compliance strategy with short-term tactical needs

Benefits

  • Comprehensive health, dental and vision insurance*
  • Equity shares*
  • Discretionary PTO plan*
  • Parental leave*
  • 401(k)
  • Flexible working hours
  • Remote-first company
  • Paid company holidays
  • Free digital therapist for you and your family
  • Health, dental and vision insurance
  • Meal allowance
  • Equity shares
  • Remote work allowance
  • Flexible working hours
  • Work from home
  • Unlimited vacation
  • Snacks and beverages
  • English class
  • Unlimited access to Coursera Learning Platform

Share this job:

Disclaimer: Please check that the job is real before you apply. Applying might take you to another website that we don't own. Please be aware that any actions taken during the application process are solely your responsibility, and we bear no responsibility for any outcomes.

Similar Remote Jobs