Governance, Risk, and Compliance Analyst

Summary

Join Sword Health as a GRC Analyst and play a pivotal role in ensuring compliance with complex regulatory frameworks. You will lead compliance initiatives like SOC 2 and ISO 27001, conduct audits, improve risk management, and mentor junior team members. This role requires 5+ years of experience in information security and leading complex frameworks. Sword Health offers a variety of benefits, including comprehensive health insurance, equity shares, PTO, parental leave, and flexible working hours. The company is remote-first and values a culture of continuous learning and improvement. This is an opportunity to make a significant impact on a massive scale within a growing, mission-driven organization.

Requirements

• 5+ years of hands-on experience in Information Security certifications with proven success leading complex frameworks like SOC 2, ISO 27001, PCI-DSS, and HITRUST independently
• Demonstrated experience in conducting and leading audits and maintaining compliance in highly regulated and complex environments such as Healthcare and AI
• Excellent communication and leadership skills, with a demonstrated ability to mentor junior team members and communicate compliance requirements effectively to non-technical audiences
• Strong analytical and problem-solving skills, with a proactive calculated approach to mitigating compliance risks
• Self-starter approach with the ability to operate with minimal supervision

Responsibilities

• Lead the implementation and maintenance of key compliance frameworks such as SOC 2, ISO 27001, HITRUST, and PCI-DSS
• Work closely with the Director of Risk and Compliance to continuously improve Sword’s GRC programs, driving initiatives to meet high compliance standards across Healthcare and AI
• Take full ownership of specific compliance certifications and audits, ensuring timely and effective execution
• Mentor and support junior team members, fostering a culture of continuous learning and improvement in the compliance function
• Conduct comprehensive risk assessments, including third-party vendor risk management, and propose strategies to mitigate identified risks
• Spearhead internal and external audits for current and future compliance initiatives, ensuring accurate and efficient audit preparation and follow-up
• Develop and enhance processes related to security questionnaires, client security assessments, and compliance training at all organizational levels

Preferred Qualifications

• A strategic mindset with the ability to identify process improvements and drive compliance initiatives across multiple teams
• Strong track record of implementing and/or improving Risk Management Programs, including third-party risk management
• Experience with FedRAMP or similar government-focused compliance frameworks
• Practical knowledge of security practices, including Penetration Testing, DevSecOps, or other hands-on security skills that can enhance compliance work
• In-depth knowledge of relevant laws, regulations, and security standards, particularly in the healthcare sector
• Previous experience in a healthcare startup
• Demonstrated ability to balance long-term compliance strategy with short-term tactical needs

Benefits

• Comprehensive health, dental and vision insurance*
• Equity shares*
• Discretionary PTO plan*
• Parental leave*
• 401(k)
• Flexible working hours
• Remote-first company
• Paid company holidays
• Free digital therapist for you and your family
• Health, dental and vision insurance
• Meal allowance
• Equity shares
• Remote work allowance
• Flexible working hours
• Work from home
• Unlimited vacation
• Snacks and beverages
• English class
• Unlimited access to Coursera Learning Platform