Junior Governance Risk and Compliance Analyst
Listed on 2026-02-15
IT/Tech
Cybersecurity, Information Security, Data Security, IT Business Analyst
Description
About Us
At Gifthealth, we're revolutionizing the way people experience healthcare by simplifying the process of managing prescriptions and health services. Our mission is to provide a seamless, personalized, and efficient healthcare experience for all our customers. We're a dynamic, innovative, and customer-centric company dedicated to making a positive impact on people's lives.
Position Summary
Reporting to the Governance Risk and Compliance (GRC) Lead, the Junior Governance Risk and Compliance (GRC) Analyst supports Gifthealth’s Governance, Risk, and Compliance function by assisting with policy management, risk assessments, audits, and regulatory compliance activities. This is an entry-level role designed for individuals building a career in cybersecurity, compliance, and risk management.
We are seeking a Junior GRC Analyst to help ensure the organization meets applicable regulatory, security, and internal control requirements. This position collaborates cross-functionally to collect evidence, maintain GRC tools, and support risk remediation efforts, ensuring alignment with organizational goals, operational excellence, and compliance standards.
Key Responsibilities
- Assists with development, review, and maintenance of GRC policies, procedures, and frameworks
- Supports internal audits, control testing, and risk assessments across departments
- Monitors compliance with applicable regulations (e.g., HIPAA, PCI-DSS) and internal standards
- Tracks risks, issues, and remediation activities in GRC tools and systems
- Collects and organizes evidence for compliance reporting and audits
- Assists with third-party/vendor risk assessments
- Researches evolving regulations and cybersecurity best practices
- Education:
  - Bachelor’s degree in information systems, cybersecurity, risk management, business, or related field OR equivalent relevant experience (Required)
  - Coursework or certifications related to security, compliance, or risk (e.g., Security+, GRC fundamentals) (Preferred)
- Licensure/Certification: None
- Experience:
  - 0–2 years of experience in compliance, audit, IT security, risk management, or related internships/co-op roles (Required)
  - Exposure to audits, risk assessments, or compliance documentation (Preferred)
  - Experience in healthcare, technology, or regulated industries (Preferred)
  - Experience using GRC, audit, or risk management tools (Preferred)
- Knowledge, Skills, & Abilities:
  - Knowledge of regulatory requirements such as HIPAA and PCI-DSS and a basic understanding of information security, risk, and compliance concepts (Required)
  - Familiarity with GRC frameworks (NIST, ISO 27001, COBIT, SOC 2) and exposure to privacy regulations (HIPAA, CCPA) (Preferred)
  - Strong attention to detail and documentation skills (Required)
  - Proficiency in Microsoft Excel and Microsoft Office tools (Required)
  - Clear written and verbal communication skills (Required)
  - Basic data analysis and reporting skills (Preferred)
  - Ability to organize and manage multiple tasks simultaneously (Required)
  - Ability to follow defined processes and controls (Required)
  - Ability to communicate with technical and non-technical stakeholders (Required)
  - Ability to identify gaps or inconsistencies in documentation or controls (Preferred)
  - Ability to learn and adapt quickly in a regulated environment (Preferred)
Work Environment
- Location: Hybrid
- Schedule: 8:00 A.M. to 5:00 P.M. Monday through Friday with night and weekend hours on occasion as determined by the needs of the business.
- Regular meetings with internal GRC/Security, IT, Engineering, Legal, Privacy, Operations, and business stakeholder teams. This role may also have meetings with external third-party vendor, auditor, and compliance representatives.
- Must be able to remain in a stationary position for extended periods while writing or reviewing documentation
- Must be able to work on a computer for the entire shift
- Must be able to attend virtual meetings with cross-functional teams.
Status: Full-time
FLSA: Exempt
Gifthealth is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind. All employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity, transgender status, national origin, age, disability, veteran status, or any other legally protected status.
We celebrate diversity and are committed to creating an inclusive environment for all employees. If you do not meet every requirement but still feel you would be a great fit for this role, we encourage you to apply!
Disclaimer
This job description is intended to describe the general nature and level of work being performed. It is not intended to be an exhaustive list of all responsibilities, duties, or skills required of personnel. Gifthealth reserves the right to modify job duties or descriptions at any time.