Junior Governance Risk and Compliance Analyst
About The Position
Reporting to the Governance Risk and Compliance (GRC) Lead, the Junior Governance Risk and Compliance (GRC) Analyst supports Gifthealth’s Governance, Risk, and Compliance function by assisting with policy management, risk assessments, audits, and regulatory compliance activities. This is an entry-level role designed for individuals building a career in cybersecurity, compliance, and risk management We are seeking a Junior GRC Analyst to help ensure the organization meets applicable regulatory, security, and internal control requirements. This position collaborates cross-functionally to collect evidence, maintain GRC tools, and support risk remediation efforts, ensuring alignment with organizational goals, operational excellence, and compliance standards.
Requirements
- Bachelor’s degree in information systems, cybersecurity, risk management, Business, or related field OR equivalent relevant experience (Required)
- 0–2 years of experience in compliance, audit, IT security, risk management, or related internships/co-op roles (Required)
- Knowledge of regulatory requirements such as HIPAA and PCI-DSS and a basic understanding of information security, risk, and compliance concepts (Required)
- Strong attention to detail and documentation skills (Required)
- Proficiency in Microsoft Excel and Microsoft Office tools (Required)
- Clear written and verbal communication skills (Required)
- Ability to organize and manage multiple tasks simultaneously (Required)
- Ability to follow defined processes and controls (Required)
- Ability to communicate with technical and non-technical stakeholders (Required)
- Must be able to remain in a stationary position for extended periods while writing or reviewing documentation
- Must be able to work on a computer for the entire shift
- Must be able to attend virtual meetings with cross-functional teams.
Nice To Haves
- Coursework or certifications related to security, compliance, or risk (e.g., Security+, GRC fundamentals) (Preferred)
- Exposure to audits, risk assessments, or compliance documentation (Preferred)
- Experience in healthcare, technology, or regulated industries (Preferred)
- Experience using GRC, audit, or risk management tools (Preferred)
- Familiarity with GRC frameworks (NIST, ISO 27001, COBIT, SOC 2) and exposure to privacy regulations (HIPAA, CCPA) (Preferred)
- Basic data analysis and reporting skills (Preferred)
- Ability to identify gaps or inconsistencies in documentation or controls (Preferred)
- Ability to learn and adapt quickly in a regulated environment (Preferred)
Responsibilities
- Assists with development, review, and maintenance of GRC policies, procedures, and frameworks
- Supports internal audits, control testing, and risk assessments across departments
- Monitors compliance with applicable regulations (e.g., HIPAA, PCI-DSS) and internal standards
- Tracks risks, issues, and remediation activities in GRC tools and systems
- Collects and organizes evidence for compliance reporting and audits
- Assists with third-party/vendor risk assessments
- Researches evolving regulations and cybersecurity best practices
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
