Sr. GRC Analyst

About The Position

Requirements

• Bachelor’s degree in information security, computer science, or related field, or equivalent experience in a related field.
• 5+ years of experience in information security, with substantial focus on compliance, audit, or risk management work.
• Direct experience with security frameworks and certifications like NIST SP 800-53, HITRUST, HIPAA, and/or FedRAMP.
• Experience responding to customer security questionnaires and supporting customer security due diligence activities.
• Experience reviewing security-relevant language in customer or vendor contracts.
• Familiarity with healthcare data protection requirements (HIPAA) and the compliance obligations they create.
• Demonstrated experience with security auditing and evidence gathering for compliance purposes.
• Experience evaluating security controls for compliance purposes.
• Familiarity with cloud security concepts and practices.
• Excellent written and verbal communication skills, with ability to build and communicate business rationale.
• Strong ability to learn quickly and work independently while being part of a team.
• Ability to build effective, sustainable working relationships internally, with customers, and external stakeholders.
• Comfort using or learning AI-supported tools (e.g., ChatGPT, CoPilot, or role-specific tools) to improve daily workflows.
• A forward-thinking, curious mindset with an openness to experimenting with new technologies.
• Strong analytical and problem-solving skills, with sound judgment and creativity in designing solutions.
• Proven ability to thrive in fast-paced, high-growth, and rapidly evolving environments.
• Ability to work effectively in a remote-first environment, ensuring high-quality virtual interactions with minimal distractions.

Nice To Haves

• Security compliance-related certifications such as CISSP, CISA, or CRISC are preferred.

Responsibilities

• Evaluate organizational policies and standards, ensuring that external and internal compliance requirements are met.
• Develop improvements to the compliance program, including the use of AI, automation, and process optimization.
• Review security-relevant language in customer contracts (MSAs, DPAs, BAAs) and RFP/RFI security sections, providing recommendations to Legal and the broader GRC team.
• Respond to customer security questionnaires using AI-assisted tools and trust content, exercising professional judgment to ensure responses are accurate and complete.
• Work with external auditors and customers as necessary, providing them with required information and assistance.
• Maintain and update trust center content and customer-facing security documentation.
• Perform vendor security risk assessments and contribute to the third-party risk management program.
• Assist in policy documentation upkeep and development, ensuring clarity and applicability.
• Monitor and assist with the internal training programs on compliance requirements and best practices.
• Ensure Bamboo Health’s security operations remain aligned with both internal and external compliance requirements, contributing to ongoing internal and external audit reviews.
• Effectively communicate Bamboo Health’s compliance posture to both internal and external stakeholders, offering tangible proof of adherence to policy requirements.
• Partner with the larger Information Security team to identify areas for continuous improvement within the compliance framework.
• Stay curious about emerging AI tools and how they can streamline or enhance work within your function.

Benefits

• competitive compensation
• health
• dental
• vision
• other benefits