Governance Risk & Compliance Analyst

DoseSpot Logo

DoseSpot

📍Remote - United States

Summary

Join DoseSpot, a PE-backed start-up and leader in electronic prescribing software, as their Governance Risk & Compliance (GRC) Analyst. You will play a crucial role in operationalizing and evolving DoseSpot’s security and compliance programs. Collaborate cross-functionally to drive alignment with industry frameworks, proactively manage risk, and build scalable processes. This role involves managing day-to-day compliance operations, including SOC 2 and HITRUST audits, refining third-party risk assessments, and supporting the transformation of DoseSpot’s compliance program. The ideal candidate will have a strong background in information security, risk management, and compliance, with experience in managing SOC2 and HITRUST audits. This is a remote position with a flexible work schedule, offering a generous benefits package.

Requirements

  • Bachelor’s degree in information security or related field
  • 5+ years of experience in information security, with an emphasis on risk and compliance
  • At least 3+ years of experience managing SOC2 and HITRUST audits
  • Thorough understanding of regulatory and compliance requirements, including HIPAA
  • Familiarity with ISMS and security frameworks, including NIST, HITRUST, ISO27001
  • Knowledge of identity management standards, storage, and disaster recovery in the cloud
  • Knowledge of GRC tools and best practices, including solutions such as Vanta, Drata, OneTrust
  • Proven track record of organizing and carrying out several risk and compliance projects independently
  • Ability to manage third-party audits and organize audit responses in detail proactively
  • Effective written and verbal communication skills and capability to communication and collaborate with cross-functional teams

Responsibilities

  • Managed risk and vulnerability assessments, validation testing, compliance reviews, and audit in accordance with both NIST and HITRUST standards
  • Manage and support SOC2 and HITRUST audits
  • Conduct and manage recurring risk and vulnerability assessments, control validation, and compliance reviews aligned to NIST, HITRUST, HIPAA, and ISO 27001
  • Lead end to end SOC2 and HITRUST audits, including readiness assessments, evidence collection, gap remediation, and audit response
  • Proactively manage audit timelines and ensure completeness and accuracy of submissions using GRC tools such as Drata and Vanta
  • Promote widespread implementation of HITRUST and NIST based controls across security, engineering, and business operations
  • Maintain an organized, audit-ready repository of evidence and artifacts through GRC platforms
  • Inform stakeholders of risk management concerns
  • Translate risk and compliance insights into clear, actionable updates for security, IT, product, and legal teams
  • Manage the development, maintenance, and version control of security policies and standards ensuring compliance with emerging regulations and company practices
  • Support vendor due-diligence process and help to lead and define the overall third-party risk management (TPRM) efforts

Preferred Qualifications

  • CISA, CISM, CRISM, or CISSP certifications are preferred, but not required
  • You like to be hands on and work with GRC tools to better automate and operationalize GRC programs
  • You enjoy collaborating with teams on risk management

Benefits

  • Remote work environment with a flexible work schedule to encourage work-life balance
  • Annual company offsite
  • Generous leave package including flexible time off policy that encourages team members to take time off to relax and recharge; plus 13 paid holidays, paid sick leave, and paid parental leave
  • Medical, dental, and vision insurance for you and your family, plus a company funded FSA & HSA (dependent on which medical plan you choose)
  • 401(k) company match
  • One-time workspace reimbursement to help you optimize your remote workspace

Share this job:

Disclaimer: Please check that the job is real before you apply. Applying might take you to another website that we don't own. Please be aware that any actions taken during the application process are solely your responsibility, and we bear no responsibility for any outcomes.