Governance, Risk, Compliance Analyst

Summary

Join Sword Health, a mission-driven company that uses technology to save millions for its enterprise clients across three continents. As a GRC Analyst, you will play a pivotal role in ensuring Sword's compliance with complex regulatory frameworks while driving innovation and efficiency in our Governance, Risk, and Compliance (GRC) programs.

Requirements

• Self-starter approach with the ability to operate with minimal supervision
• 5+ years of hands-on experience in Information Security certifications with proven success leading complex frameworks like SOC 2, ISO 27001, PCI-DSS, and HITRUST independently
• Strong track record of implementing Vendor Risk Management Programs from scratch, including third-party audit documentation and compliance reviews
• Demonstrated experience in conducting and leading audits and maintaining compliance in highly regulated and complex environments such as healthcare and AI
• Excellent communication and leadership skills, with a demonstrated ability to mentor junior team members and communicate compliance requirements effectively to non-technical audiences
• In-depth knowledge of relevant laws, regulations, and security standards, particularly in the healthcare sector
• Strong analytical and problem-solving skills, with a proactive calculated approach to mitigating compliance risks

Responsibilities

• Leading the implementation and maintenance of key compliance frameworks such as SOC 2, ISO 27001, HITRUST, and PCI-DSS from day one
• Working closely with the Director of Risk and Compliance to continuously improve Sword's GRC programs, driving initiatives to meet high compliance standards across healthcare and AI sectors
• Taking full ownership of specific compliance certifications and audits, ensuring timely and effective execution
• Mentoring and supporting junior team members, fostering a culture of continuous learning and improvement in the compliance function
• Conducting comprehensive risk assessments, including third-party vendor risk management, and proposing strategies to mitigate identified risks
• Spearheading internal and external audits for current and future compliance initiatives, ensuring accurate and efficient audit preparation and follow-up
• Developing and enhancing processes related to security questionnaires, client security assessments, and compliance training at all organizational levels

Preferred Qualifications

• Experience with FedRAMP or similar government-focused compliance frameworks
• A strategic mindset with the ability to identify process improvements and drive compliance initiatives across multiple teams
• Practical knowledge of security practices, including Penetration Testing, DevSecOps, or other hands-on security skills that can enhance compliance work
• Demonstrated ability to balance long-term compliance strategy with short-term tactical needs
• Previous experience in a healthcare startup

Benefits

• A stimulating, fast-paced environment with lots of room for creativity
• A bright future at a promising high-tech startup company
• Career development and growth, with a competitive salary
• The opportunity to work with a talented team and to add real value to an innovative solution with the potential to change the future of healthcare
• A stimulating environment with room for creativity
• A flexible environment where you can control your hours (remotely) with unlimited vacation
• Access to our health and well-being program (digital therapist sessions)
• Remote or Hybrid work policy
• Comprehensive health, dental and vision insurance*
• Equity shares*
• Discretionary PTO plan*
• Parental leave*
• 401(k)
• Flexible working hours
• Remote-first company
• Paid company holidays
• Free digital therapist for you and your family