Senior GRC Analyst, HIPAA

DoorDash USA
$132,600 - $195,000

About The Position

The Governance, Risk, and Compliance (GRC) team at DoorDash is seeking a Senior GRC Analyst, HIPAA to enhance and manage HIPAA-related security and compliance programs. This role involves supporting ongoing HIPAA workstreams, collaborating with engineering teams, and ensuring secure, compliant, and scalable design, operation, and monitoring of regulated data environments. As a subject matter expert, you will translate legal requirements into operational controls, identify gaps, drive remediation, and provide audit-ready evidence. This is an individual contributor role for someone experienced in implementing and managing HIPAA programs within technology or complex regulated environments. You will work with various stakeholders including Engineering, Product, Security Engineering, Legal, IT, and business teams to make HIPAA compliance practical, measurable, and sustainable.

Requirements

  • 6+ years of experience in security compliance, GRC, risk management, audit, privacy/security operations, or related information security roles.
  • 3+ years of hands-on experience implementing, operating, or materially maturing HIPAA programs in a technology, SaaS, health-tech, or highly regulated environment.
  • Strong working knowledge of HIPAA Security Rule requirements and practical experience applying HIPAA safeguards to cloud, SaaS, data, and engineering environments.
  • Understanding of how PHI/ePHI flows through modern systems and ability to partner with engineering teams on data classification, access controls, encryption, logging, retention, and secure data handling.
  • Experience with adjacent frameworks and standards such as HITRUST, SOC 2, ISO 27001, NIST 800-53, PCI DSS, GDPR or CCPA.
  • Experience leading or supporting audits, compliance assessments, control testing, evidence collection, risk assessments, and remediation programs.
  • Ability to translate complex compliance requirements into clear, actionable tasks for Engineering, Product, Security, IT, Legal, and Privacy stakeholders.
  • Technical fluency to understand cloud architecture, APIs, IAM, CI/CD, infrastructure-as-code, logging, vulnerability management, and security monitoring concepts.
  • Clear communication skills, ability to write high-quality documentation, manage multiple workstreams independently, and drive cross-functional progress without direct authority.
  • Pragmatic approach to reducing real risk while enabling teams to move quickly and responsibly.

Nice To Haves

  • Experience working directly with Engineering or Security Engineering teams in a high-growth technology company.
  • Experience building or scaling a HIPAA program rather than only maintaining an existing checklist.
  • Experience with HITRUST certification, SOC 2 audits, ISO 27001 audits, or multi-framework control mapping.
  • Experience with third-party risk management, vendor security reviews, business associate/vendor security expectations, and customer security assessments.
  • Experience supporting privacy, security incident response, or breach assessment workflows involving regulated data.
  • Familiarity with and interest in AI, data platform, healthcare interoperability, payments, or marketplace environments.
  • Experience building something using AI.

Responsibilities

  • Lead and support HIPAA security compliance workstreams across multiple products, platforms, systems, and engineering teams.
  • Turn legal requirements into actionable technical and operational control requirements.
  • Perform HIPAA readiness assessments, gap analyses, risk assessments, and control design/effectiveness reviews across cloud, SaaS, data, and internal tooling environments.
  • Build and maintain control mappings across HIPAA, HITRUST, SOC 2, ISO 27001, NIST 800-53, and DoorDash security standards.
  • Partner with Engineering and Security Engineering to implement scalable controls across IAM, encryption, logging and monitoring, vulnerability management, secure SDLC, incident response, data retention, and access review processes.
  • Maintain HIPAA security program documentation, including policies, standards, procedures, control narratives, evidence requirements, risk registers, exception records, and remediation plans.
  • Support internal and external audits, partner/customer assessments, security questionnaires, and compliance evidence collection.
  • Partner with Legal and Security Operations on incidents involving PHI/ePHI, including compliance impact analysis, documentation, and remediation tracking.
  • Mature GRC tooling, workflows, dashboards, and continuous control monitoring to reduce manual compliance overhead.
  • Provide practical guidance to technical and non-technical stakeholders so HIPAA requirements are understood, adopted, and embedded into day-to-day engineering practices.
  • Monitor regulatory, framework, and industry changes related to HIPAA, HITRUST, healthcare security, and regulated data environments.

Benefits

  • 401(k) plan with employer matching
  • 16 weeks of paid parental leave
  • Wellness benefits
  • Commuter benefits match
  • Paid time off
  • Paid sick leave
  • Medical benefits
  • Dental benefits
  • Vision benefits
  • 11 paid holidays
  • Disability insurance
  • Basic life insurance
  • Family-forming assistance
  • Mental health program
  • Equity grants