Senior Governance & Risk Analyst

Lantern•Dallas, TX

21h•Hybrid

About The Position

Lantern Specialty Care is seeking a Senior Risk & Governance Analyst to join our GRC team as a key individual contributor. This is a newly created role, built to scale our risk and compliance capabilities as we expand our AI-forward healthcare technology platform. You will report directly to the Sr. GRC Manager and play a foundational role across four priority areas: maintaining our risk register, advancing AI risk governance, TPRM, and supporting our HIPAA compliance program. This is a high-impact, cross-functional role. We are at a critical stage of maturing our GRC program. There is significant greenfield opportunity to build structure where gaps exist, particularly in risk management and AI governance. The ideal candidate is hands-on, comfortable with ambiguity, and excited to leave their fingerprints on programs that will shape the organization’s risk posture for years to come.

Requirements

Bachelor’s degree in Information Security, Healthcare Administration, Computer Science, or related field
A minimum of 5 years’ experience in GRC, compliance, or information security
A minimum of 3 years’ experience in healthcare or health-tech industries
Direct & Hands-on experience with the following:
Building or significantly maturing a risk register
Performing or supporting HITRUST and/or SOC 2 audits
HIPAA Privacy/Security Rule compliance programs
NIST CSF or ISO 27001
AI Specific Risk Management Frameworks such as NIST AI RMF or Similar frameworks
Proficiency with a GRC platform (Vanta, Drata, ServiceNow GRC, OneTrust, or equivalent)
Working knowledge of AI/ML risk concepts and the NIST AI RMF
Experience with third-party risk tools and structured vendor assessment workflows
Ability to read, interpret, and operationalize regulatory guidance

Nice To Haves

CISA, CRISC, CISSP, CHC, or CHPC highly desirable
HITRUST CCSFP a strong plus
Be energized by building. This role has significant greenfield scope, and the best candidates will see that as an opportunity, not a gap
Move with urgency and precision, flagging risk before it becomes an issue
Balance rigor with pragmatism, enabling the organization to move fast while staying protected
Communicate clearly to both technical and non-technical audiences without losing nuance
Bring genuine curiosity about AI and emerging technology governance
Embody Lantern’s LIGHT pillars — Logic, Inclusion, Grit, Humanity, Truth — in every interaction

Responsibilities

Support the build-out of Lantern’s risk register by conducting risk identification workshops, defining risk taxonomy, assigning ownership, and establishing likelihood/impact scoring
Map current control environment against the NIST CSF function; document gaps and develop a prioritized remediation roadmap
Establish recurring risk review cadence with business unit owners
Maintain and evolve the risk register as a living document; produce regular risk reporting for leadership
AI governance framework aligned to the NIST AI RMF — covering model risk assessment, bias considerations, transparency standards, and accountability structures
Build and maintain an AI systems inventory with risk ratings; assess new use cases before deployment in partnership with Engineering and Product
Monitor emerging AI regulatory guidance (HHS, EU AI Act, state-level) and translate into actionable controls
Manage ongoing HIPAA Privacy and Security compliance programs: gap assessments, remediation tracking, and workforce training coordination
Support SOC 2 Type II, HITRUST CSF, and other applicable audit cycles
Support TPRM activities including vendor risk assessments and vendor tiering maintenance