- 5+ years of hands-on experience in GRC.
- Proven track record of leading audits and maintaining certifications for internationally recognized security standards.
- Hands-on experience with at least three of the following frameworks: ISO 27001, SOC 2, HITRUST, NIS2, Cyber Resilience Act, FedRAMP, CMMC, NIST SP 800-171, NIST SP 800-53, GDPR, HIPAA or PCI DSS.
- Exceptional command of the English language, both written and spoken.
- Strong understanding of how security controls apply to Infrastructure and Product environments.
- Familiarity with the intersection of cybersecurity and privacy/regulatory frameworks.
- Familiarity with Medical Device certifications and regulations.
- Experience working across diverse teams such as Legal, Quality, and IT.