Senior GRC Analyst
ExternalPrepare for this interview
EliteAI-generated questions, company research, and talking points tailored to this role
About the role
We are looking for a Senior GRC Analyst to join our Technical Compliance team to ensure Garner's compliance posture across security frameworks such as ISO 27001, SOC 2, HITRUST, and HIPAA. As a Senior GRC Analyst, you will run our internal audits, guide our external assessments, and partner with teams across Engineering, Product, People, and Legal so that our controls are designed well, operating effectively, and continuously improving. Our Technical Compliance team safeguards Garner's sensitive healthcare data and protects the trust of our members, clients, and partners by maintaining a strong control environment and regulatory compliance. The work you do here has a direct impact on our ability to win and retain enterprise customers, expand into new lines of business, and scale securely as we grow. Where you will work: This role is open to remote candidates across the U.S. For candidates based in New York City, the position follows a hybrid schedule with in-office work required Tuesday, Wednesday, and Thursday each week.
Responsibilities
- Manage and support our compliance certifications, including SOC 2, HITRUST, and ISO 27001 audits and run control testing across the audit lifecycle
- Serve as the subject matter expert across the company on our compliance frameworks
- Serve as the primary point of contact for external auditors and assessors
- Manage Garner's Security and Privacy trust center
- Maintain the risk register and drive risk identification, scoring, and reporting
- Manage the maintenance of our compliance policies, standards, and procedures
- Report on our compliance posture to senior leadership
- Scale our GRC function with AI and automation, building quick wins and scoping requirements for Engineering to fully automate the rest
- The ideal candidate has:
- 5+ years of experience in GRC, IT audit, or information security compliance
- Prior experience with HITRUST, SOC 2, and ISO 27001 audits
- Hands-on experience with control design, evidence collection, and remediation in a cloud-native engineering environment
- Proven ability to adapt your communication style across engineers, operators, and executives
- A GRC Engineering mindset with prior experience using scripting and LLMs to automate repetitive tasks
- Industry certifications such as CISA, CISM, CISSP, CRISC, or ISO 27001 Lead Auditor preferred
- A desire to be a part of a high-performing, mission-driven team that operates with intense urgency, a strong sense of individual accountability, and a commitment to authentic feedback
- Technologies we use:
- AWS, Okta, Datadog, Retool, Gitlab, Vanta
- This is a unique opportunity to join a fast-growing company in a transformative role, helping shape the future of healthcare.
- Compensation Transparency:
- Fraud and Security Notice:
- Equal Employment Opportunity:
Benefits
Additional Information
Garner's mission is to transform the healthcare economy, delivering high-quality and affordable care for all. We are fundamentally reimagining how healthcare works in the U.S. by partnering with employers to redesign healthcare benefits using clear incentives and powerful, data-driven insights. Our approach guides employees to higher-quality, lower-cost care, creating a system that works better for everyone. Patients achieve better health outcomes, employers spend healthcare dollars more effectively, and physicians are rewarded for delivering exceptional care rather than performing more procedures. Garner is one of the fastest-growing healthcare technology companies in the country. Our products are trusted by the most sophisticated employers and providers in the industry, and we are building a team of talented, mission-driven individuals who are motivated to make a meaningful impact on healthcare at scale.
Your Match
How well this role fits your profile.
Company Intel
What employees say
Worked at garnerhealth? Share your experience