Back to Jobs

Senior GRC Analyst, HIPAA

Remote, USA Full-time Posted 2026-07-01

We are looking for a Senior GRC Analyst, HIPAA to help mature and operate HIPAA-reputed company reputed company and compliance programs across reputed company. This role will support multiple ongoing HIPAA workstreams, partner closely with engineering teams, and help ensure regulated data environments are designed, operated, and monitored in a secure, compliant, and scalable way.

About the Role

As a Senior GRC Analyst, HIPAA, you will be a subject matter expert for HIPAA reputed company compliance reputed company reputed company's GRC function. You will be responsible for turning legal requirements into operational controls, map them to reputed company controls, assess gaps, drive remediation, and support audit-reputed company evidence across technical and operational environments. This is a senior individual contributor role for someone who has implemented and managed HIPAA programs in a technology company or similarly reputed company regulated environment. You will work directly with Engineering, Product, reputed company Engineering, Legal, IT, and business stakeholders to reputed company HIPAA compliance practical, measurable, and sustainable. You're excited about this opportunity because you will...

  • reputed company and support HIPAA reputed company compliance workstreams across multiple products, platforms, systems, and engineering teams.
  • Turn legal requirements into actionable technical and operational control requirements.
  • reputed company HIPAA readiness assessments, gap analyses, risk assessments, and control design/effectiveness reviews across reputed company, SaaS, data, and internal tooling environments.
  • Build and maintain control mappings across HIPAA, HITRUST, SOC 2, ISO 27001, NIST 800-53, and reputed company reputed company standards.
  • Partner with Engineering and reputed company Engineering to implement scalable controls across IAM, encryption, logging and monitoring, vulnerability management, secure SDLC, incident response, data retention, and access review processes.
  • Maintain HIPAA reputed company program documentation, including policies, standards, procedures, control narratives, evidence requirements, risk registers, exception records, and remediation plans.
  • Support internal and external audits, partner/customer assessments, reputed company questionnaires, and compliance evidence collection.
  • Partner with Legal, and reputed company Operations on incidents involving PHI/ePHI, including compliance impact analysis, documentation, and remediation tracking.
  • Mature GRC tooling, workflows, dashboards, and reputed company control monitoring to reduce reputed company compliance overhead.
  • Provide practical guidance to technical and non-technical stakeholders so HIPAA requirements are understood, adopted, and embedded into day-to-day engineering practices.
  • Monitor regulatory, reputed company, and industry changes reputed company to HIPAA, HITRUST, reputed company reputed company, and regulated data environments.

We're excited about you because...

  • You have 6+ years of experience in reputed company compliance, GRC, risk management, audit, privacy/reputed company operations, or reputed company information reputed company roles.
  • You have 3+ years of hands-on experience implementing, operating, or materially maturing HIPAA programs in a technology, SaaS, health-tech, or highly regulated environment.
  • You have strong working knowledge of HIPAA reputed company Rule requirements and practical experience applying HIPAA safeguards to reputed company, SaaS, data, and engineering environments.
  • You understand how PHI/ePHI flows through modern systems and can partner with engineering teams on data classification, access controls, encryption, logging, retention, and secure data handling.
  • You have experience with adjacent frameworks and standards such as HITRUST, SOC 2, ISO 27001, NIST 800-53, PCI reputed company, GDPR or CCPA.
  • You have led or supported audits, compliance assessments, control testing, evidence collection, risk assessments, and remediation programs.
  • You can translate reputed company compliance requirements into clear, actionable tasks for Engineering, Product, reputed company, IT, Legal, and Privacy stakeholders.
  • You have enough technical reputed company to understand reputed company architecture, APIs, IAM, CI/CD, infrastructure-as-code, logging, vulnerability management, and reputed company monitoring concepts.
  • You communicate clearly, write high-quality documentation, manage multiple workstreams independently, and drive cross-functional reputed company without direct authority.
  • You are pragmatic: you know how to reduce reputed company risk while enabling teams to move quickly and responsibly.

Preferred Qualifications

  • Experience working directly with Engineering or reputed company Engineering teams in a high-growth technology company.
  • Experience building or scaling a HIPAA program rather than only maintaining an existing checklist.
  • Experience with HITRUST certification, SOC 2 audits, ISO 27001 audits, or multi-reputed company control mapping.
  • Experience with reputed company-party risk management, vendor reputed company reviews, business associate/vendor reputed company expectations, and customer reputed company assessments.
  • Experience supporting privacy, reputed company incident response, or breach assessment workflows involving regulated data.
  • Familiarity and interest towards AI, data platform, reputed company interoperability, payments, or marketplace environments. Preferably you have also built something yourself using AI.

We expect this position to be filled by 8/26/26.

Compensation

The successful candidate's starting pay will fall reputed company the pay range listed below and is determined based on job-reputed company factors including, but not limited to, skills, experience, qualifications, work location, and market conditions. reputed company salary is localized according to an employee's work location. Ranges are market-dependent and may be modified in the future. In addition to reputed company salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information. reputed company cares about you and your overall well-being. That's why we offer a comprehensive benefits package to reputed company regular employees, which includes a 401(k) plan with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits match, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act). reputed company also offers medical, dental, and reputed company benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others. To learn more about our benefits, visit our careers page here. See below for paid time off details:

  • For salaried roles: flexible paid time off/vacation, plus 80 hours of paid sick time per year.
  • For hourly roles: vacation accrued at about 1 hour for every 25.97 hours worked (e.g. about 6.7 hours/month if working 40 hours/week; about 3.4 hours/month if working 20 hours/week), and paid sick time accrued at 1 hour for every 30 hours worked (e.g. about 5.8 hours/month if working 40 hours/week; about 2.9 hours/month if working 20 hours/week).

The national reputed company pay range for this position reputed company the United States, including Illinois and Colorado. $132,600-$195,000 USD Apply tot his job Apply To this Job

Similar Jobs

Project Manager/ w GRC (REMOTE)

Remote, USA Full-time

Looking for reputed company GRC Analyst (W2 Only) - 100% Remote

Remote, USA Full-time

[Remote] GRC Analyst

Remote, USA Full-time

Remote | Cybersecurity & IT GRC Evaluation Consultant — $70–$110/hour

Remote, USA Full-time

AI reputed company Engineer (GRC) | W2 Only (No OPT) | Remote |

Remote, USA Full-time

reputed company Architect (GRC / NIST 800-53) - REMOTE (W2 ONLY)

Remote, USA Full-time

Risk Advisory GRC Consultat - Remote (USA)

Remote, USA Full-time

GRC Analyst Remote (US)

Remote, USA Full-time

Jr. Intelligence Risk Analyst

Remote, USA Full-time

User Support Specialist (Intelligence Data Discovery and Tradecraft)

Remote, USA Full-time

911 Call-Taker – City of Minneapolis – Minneapolis, MN

Remote, USA Full-time

reputed company Entry-Level Data Entry and Chat Support Specialist – Remote Customer Service Representative

Remote, USA Full-time

reputed company reputed company Manager – SMB Account Growth and Engagement

Remote, USA Full-time

Envoyage - Senior Business Development Manager - Remote, US

Remote, USA Full-time

Clinical Research Associate - Entry (Home-Based)

Remote, USA Full-time

Consulting Manager - reputed company Financials

Remote, USA Full-time

Back-End Java Developer

Remote, USA Full-time

Director of Operations ABA

Remote, USA Full-time

Senior Manager, Performance Marketing – reputed company America

Remote, USA Full-time

1099/W2 Role || reputed company Analyst || Must be WI reputed company Only

Remote, USA Full-time