Senior Security Analyst

Rightway•New York City, NY

18h•$120,000 - $145,000

About The Position

Rightway Healthcare is looking for a Senior Security GRC Analyst ready to take their experience to the next level. If you’ve worked on GRC programs in a fast-paced or startup environment, this is your chance to apply that agility and execution focus in a growing healthcare organization. You’ll also have the opportunity to contribute to emerging areas of AI risk and governance as Rightway integrates advanced technologies into its platform. Reporting to the Security GRC Manager, you’ll own key deliverables that keep our security and compliance programs running smoothly, supporting customer assurance, vendor risk reviews, and recurring governance activities. This role is ideal for someone who enjoys hands-on GRC work and wants to grow as a senior individual contributor within a collaborative, mission-driven healthcare company transforming pharmacy benefit management and care navigation.

Requirements

3-5 years of experience in information security, GRC, or related disciplines.
Familiarity with security compliance frameworks and regulation (e.g., SOC 2, ISO 27001, NIST, HIPAA).
Experience responding to security questionnaires and customer due diligence requests.
Experience performing vendor security reviews and risk assessments.
Strong organizational skills and the ability to manage multiple tasks and deadlines simultaneously.
Passionate advocate for governance, risk, and compliance, believing that these are not merely check box activities, but vital tools that significantly improve security posture and protect the organization.
Interest in emerging technologies and willingness to develop subject matter expertise in AI risk and compliance.

Responsibilities

Core GRC Operations Coordinate and execute recurring GRC tasks such as quarterly access reviews, audit evidence collection, and risk register reconciliation.
Document and track completion of control activities and escalate issues where needed.
Assist with internal and external audits, ensuring timely and complete evidence collection and review.
Customer Assurance Collaborate with Sales, Legal, and Product teams to lead responses for customer security questionnaires and RFPs, progressively owning more complex requests as your experience deepens.
Maintain and continuously improve a centralized repository of commonly requested security documentation and artifacts (e.g., SOC 2, SIG, CAIQ).
Vendor Risk Management Work closely with a broad array of business leaders to conduct initial and periodic vendor risk assessments, ensuring that third parties meet Rightway's security and compliance standards.
Track and follow up on remediation plans and risk treatment for vendors posing unacceptable risk.
Enable and support automation and optimization of the vendor risk assessment lifecycle using both AI and traditional tooling
AI Governance Support the implementation and operationalization of AI risk and governance controls in alignment with ISO/IEC 42001 (AI Management System) and emerging regulatory guidance e.g., CAIA (Colorado AI Act).
Monitor AI systems for compliance with ethical and legal standards.