IT Compliance (GRC) Analyst

About The Position

Requirements

• Bachelor’s degree in a related field or equivalent experience
• Relevant experience with IT controls, IT audit, SOX testing, IT risk, HIPAA, or related functions
• Practical understanding of HIPAA Security and Privacy requirements and how they apply to IT systems that handle PHI
• Technical foundation with identity and access management, change management, SDLC, backup and recovery, and logging/monitoring
• Hands-on experience collecting and organizing audit evidence and documenting control testing procedures

Nice To Haves

• Relevant certification(s) (CISA, CRISC, CPA, CHPS)
• Healthcare or healthtech industry experience
• Written and verbal communication skills with the ability to create concise documentation and explain technical details to nontechnical stakeholders.

Responsibilities

• Support SOX and HIPAA controls by helping design, document, and maintain ITGCs and operational controls
• Maintain documentation such as control narratives, flowcharts, risk and control matrices, and evidence repositories
• Assist remediation efforts by coordinating with IT and business teams, validating remediation evidence, and tracking closure of deficiencies
• Perform risk assessments and gap analyses for IT systems that handle PHI and financial data
• Automate and monitor controls through scheduled reviews, scripts, or tooling to reduce manual effort and improve coverage
• Support audits and vendor reviews by preparing workpapers, answering auditor questions, and helping with vendor control questionnaires
• Perform vendor and third-party assessments for SaaS providers ensuring appropriate controls are in place and evidenced

Benefits

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Unlimited PTO Policy
• Paid Holidays
• Short Term & Long Term Disability
• Training & Development