Job description
Role Summary The Senior Cybersecurity Compliance Analyst (GRC) is a hands-on, technical compliance leader responsible for ensuring cybersecurity controls are designed, operating effectively, and continuously provable in a regulated healthcare environment.
This role sits at the intersection of security engineering, Infrastructure, IT operations, and audit.
The individual will be responsible for translating regulatory requirements into technical controls, evidence, and risk-based decisions.
The role does not simply write policies; it validates that the controls actually work.
Cybersecurity Compliance & Assurance:
Own and operationalize cybersecurity compliance programs aligned to NIST, HITRUST R2, HIPAA, and related healthcare frameworks
Map regulatory requirements to technical security controls
Validate control design and operating effectiveness
Maintain continuous audit readiness (not point-in-time)
Perform GAP analysis / CAP remediations
Audit & Evidence Management:
Lead evidence collection, validation, and narrative development for audits and client assessments
Ensure evidence is accurate, current, traceable, and auditor-ready
Coordinate internal and external audits, including HITRUST assessors
Act as primary technical liaison during audits
Governance, Risk & Control Design:
Maintain cybersecurity risk registers and perform risk assessments
Evaluate gaps and drive remediation plans with IT and security teams
Participate in control design discussions for new systems, vendors, and initiatives
Ensure security requirements are embedded early
Perform 3rd Party Risk Assessment for any new and existing vendors with our GRC Tool
Ensure timely completion of compliance training and evidence collection across the organization
Will participate in and present compliance/governance updates to the organization on a quarterly basis
Continuous Monitoring & Automation
Partner with IT and data teams to implement continuous control monitoring
Leverage automation and tooling to reduce manual compliance effort
Identify opportunities to improve evidence collection, validation, and reporting
Continuous Monitoring & Automation
Partner with IT and data teams to implement continuous control monitoring
Leverage automation and tooling to reduce manual compliance effort
Identify opportunities to improve evidence collection, validation, and reporting
Required Qualifications
6+ years in cybersecurity, IT compliance, or GRC roles
3+ years supporting healthcare-regulated environments
Direct, hands-on experience with HITRUST R2 assessments
Proven experience supporting audits end-to-end
Experience implementing and managing Vanta
Experience with writing and modifying policy and procedures
BIA/BCP/SSP/DR/Tabletop Exercises
Required Soft Skills
Exceptional written and verbal communication skills
Strong organizational and documentation discipline
Ability to influence without authority and work across teams
Detail-oriented with a risk-based, pragmatic mindset
Benefits and perks include:
- Healthcare that fits your needs - We offer excellent medical, dental, and vision plan options that provide coverage to employees and dependents.
- 401(k) with Employer Match - Join the team and we will invest in your future
- Generous Paid Time Off - Accrued PTO starting day one, plus additional days off when you’re not feeling well, to observe holidays.
- Wellness - We care about your well-being. From Commuter Benefits to FSAs, we’ve got you covered.
- Learning & Development - Through continued education/mentorship on the job and our investment in LinkedIn Learning, we’re focused on your growth as a working professional.
- Monday - Thursday are in office and Fridays remote.
Salary $145k - $150K
