Security Compliance Analyst, GRC

Hims & Hers
Remote

About The Position

We are seeking a Security GRC Analyst to support and mature our governance, risk, and compliance program within a fast-paced healthcare technology environment. This role will partner closely with Security, Engineering, Legal, Privacy, Finance, and AI/ML teams to ensure our systems and processes meet regulatory, privacy, and security standards across domestic and international operations. You will help drive risk management initiatives, maintain compliance with globally recognized frameworks, and support audits while enabling the business to scale securely and responsibly, particularly in environments leveraging AI and automated decision-making systems.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Security, Information Technology/Systems, or related field
  • 3–5 years of experience in GRC, security compliance, risk management, audit, or related field
  • Experience supporting audits and compliance assessments
  • Experience with third-party/vendor risk management
  • Familiarity with data governance principles (classification, retention, lineage)
  • Thorough understanding of risk management methodologies and control frameworks
  • Strong communication, documentation, organizational, and analytical skills
  • Ability to communicate security, privacy, and AI risk concepts to technical and non-technical stakeholders
  • Working knowledge of core frameworks: NIST CSF, PCI DSS, HIPAA, ISO 27001/27002, and global privacy regulations (GDPR, CCPA)
  • Foundational understanding of AI/ML systems and associated governance, risk, and compliance considerations (NIST AI RMF, ISO 42001)
  • Familiarity with cloud environments (AWS primary, Google Workspace/MS Azure preferred) and modern SaaS architectures
  • Experience with GRC tools (AuditBoard, Vanta, Drata, Archer, ServiceNow GRC, or similar) and ticketing/workflow/documentation tools (Jira, Freshservice, Confluence, GitHub, etc.)

Nice To Haves

  • Professional certifications such as CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor
  • Experience with compliance automation and continuous monitoring
  • Experience supporting or implementing ISO 27001 and/or ISO 42001 programs
  • Experience operationalizing privacy programs aligned to GDPR and global privacy standards
  • Understanding of AI governance frameworks and emerging standards (e.g., NIST AI RMF, ISO 42001)
  • Experience working with AI/ML systems lifecycle governance
  • Exposure to incident response, particularly involving data privacy or AI-related risks
  • Experience in healthcare or other highly regulated industries

Responsibilities

  • Support and maintain security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA
  • Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks)
  • Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures
  • Coordinate and support internal and external audits (e.g., SOX, PCI DSS, SOC 2, ISO, HIPAA)
  • Track and manage remediation efforts for identified risks, control gaps, and audit findings
  • Support third-party risk management processes, including vendor assessments for AI/ML and data processing providers
  • Partner with engineering, data, and AI/ML teams to ensure secure and compliant system and model lifecycle practices
  • Maintain and improve GRC tooling (e.g., AuditBoard, Vanta, or similar platforms)
  • Monitor regulatory and framework changes (U.S. and international), including emerging AI governance requirements
  • Develop and maintain risk registers, control matrices, and compliance documentation
  • Conduct risk assessments, including technology, security, privacy, and AI/ML model risk evaluations
  • Assist with security, privacy, and responsible AI awareness and training initiatives
  • Provide reporting and metrics on risk posture, compliance status, and AI governance maturity

Benefits

  • Competitive salary & equity compensation for full-time roles
  • Unlimited PTO, company holidays, and quarterly mental health days
  • Comprehensive health benefits including medical, dental & vision, and parental leave
  • Employee Stock Purchase Program (ESPP)
  • 401k benefits with employer matching contribution
  • Offsite team retreats
© 2024 Teal Labs, Inc