Governance Risk & Compliance Analyst - Remote

Overview

The Governance Risk & Compliance (GRC) Analyst will operationalize and evolve DoseSpot’s security and compliance programs, ensuring mission-critical prescriptions and verifications are delivered on time and without error.

In Short

• Manage risk and vulnerability assessments, compliance reviews, and audits.
• Support SOC2 and HITRUST audits.
• Conduct recurring risk assessments aligned to NIST, HITRUST, HIPAA, and ISO 27001.
• Lead end-to-end SOC2 and HITRUST audits.
• Manage audit timelines and submissions using GRC tools.
• Implement HITRUST and NIST based controls across operations.
• Maintain an organized repository of audit evidence.
• Inform stakeholders of risk management concerns.
• Translate compliance insights into actionable updates.
• Support vendor due-diligence and third-party risk management.

Requirements

• Bachelor’s degree in information security or related field.
• 5+ years of experience in information security.
• 3+ years managing SOC2 and HITRUST audits.
• Understanding of regulatory compliance requirements.
• Familiarity with NIST, HITRUST, ISO27001.
• Knowledge of identity management and cloud recovery standards.
• Experience with GRC tools like Vanta and Drata.
• Proven project management skills in risk and compliance.
• Effective communication skills for cross-functional collaboration.
• CISA, CISM, CRISM, or CISSP certifications preferred.

Benefits

• Remote work environment with flexible schedule.
• Annual company offsite.
• Generous leave package with flexible time off.
• Medical, dental, and vision insurance.
• 401(k) company match.
• Workspace reimbursement for remote setup.