Sr. GRC Analyst

Proven experience managing or executing compliance programs covering frameworks such as PCI, HITRUST, HIPAA, and SOC 2 Type 2. Demonstrated ability to perform internal gap/fit analysis related to complex security control standards. Experience with audit tooling environments like Vanta, including evidence collection and management. Background in coordinating external commercial and state-level compliance assessments. Familiarity with HITECH requirements, HIPAA Security Rule, and FedRAMP. Strong organizational skills to manage high-volume audit assessment workloads. Ability to work proactively and understand compliance objectives. Bachelor’s degree or similar experience strongly preferred.

Manage regulatory and self-driven infosec compliance targets using the Vanta platform. Gather evidence for security audits and present assessment results. Review and determine appropriate security training for all employees. Serve as the primary resource for internal gap/fit analysis on new controls, particularly for FedRAMP Moderate requirements. Coordinate commercial audits/assessments and collaborate with legal and compliance on privacy matters. Support compliance across PCI, HITRUST, HITECH, HIPAA, NIST, and SOC 2 Type 2 frameworks. Perform and manage security risk reviews for third-party vendors. Lead and support Disaster Recovery (DR) and Business Continuity Planning (BCP) activities. Participate in risk management activities, including maintaining risk registers and advising on mitigation strategies.