Security GRC Analyst

Job Title

Security GRC Analyst

US-Remote

Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.

Help shape the future of Health Equity's security, privacy, and compliance landscape. This position offers visibility across Security, Privacy, Legal, and Compliance and is a strong fit for someone who thrives in a remote environment, takes initiative, asks questions, and collaborates well virtually.

You will begin by mastering client security questionnaires and contract reviews. These responsibilities build foundational knowledge of our policies, controls, and security posture. As you grow, you will expand into broader GRC and continuous improvement initiatives that help mature Health Equity's governance program.

• Someone who thrives in a remote environment and collaborates proactively.
• A natural question asker who seeks clarity early and communicates well in virtual channels.
• Strong attention to detail with a willingness to learn complex subject matter.
• Clear written and verbal communication, especially when responding to client security inquiries.
• Dependability, organization, and comfort managing multiple incoming requests.
• Interest in how security controls, audits, and risk processes work in a regulated environment.
• Ability to work with both technical and nontechnical partners.
• A customer service mindset focused on accuracy, timeliness, and transparency.

The core areas you will support during your first year as you build deep subject matter knowledge:

• Support the intake, review, and completion of client security questionnaires and assessments.
• Support contract reviews by coordinating with Privacy, Security, Legal, and Compliance and learning how to identify risks, missing terms, and required redlines.
• Develop strong working knowledge of Health Equity's security policies, standards, and controls so you can confidently and accurately respond to client inquiries.

As you gain mastery, you will take on additional responsibilities that support broader GRC maturity:

• Organize and validate evidence for external audits and certifications such as SOC 2, HITRUST, PCI, HIPAA, or FedRAMP.
• Assist with internal control reviews and risk assessments by documenting gaps and identifying improvement opportunities.
• Support maintenance and update security control inventories, mappings, and evidence repositories.
• Partner with control owners across Security, IT, and Compliance to ensure timely and complete audit responses.
• Support tracking of remediation items, control testing cycles, and continuous monitoring activities.
• Contribute to standard operating procedures, process documentation, and repeatable GRC playbooks.
• Help create awareness, training materials, and guidance for internal teams and client-facing groups.

• Bachelor's degree preferred but not required. Related degrees may include Information Security, Cybersecurity, Computer Science, Information Systems, Information Technology, MIS, Data Analytics, Business with IT/Security focus, or other technical/analytical fields.
• Foundational understanding of information security, governance, risk, and compliance.
• Experience with security questionnaires, audits, or compliance work preferred.
• Exposure to frameworks such as SOC 2, HITRUST, NIST CSF, PCI, or HIPAA preferred.
• Strong documentation, organization, and follow-through.
• Familiarity with cloud environments or control frameworks is helpful.
• Experience with tools like Archer, Drata, Vanta, or Service Now GRC is a plus but not required.
• One foundational certification such as CompTIA Security+, CC, or ISO 27001 Foundations is required within 12 months.
• Additional certifications such as CISA, CRISC, CGRC, or CCSFP are a plus.

#LI-Remote

This is a remote position.

$36.30 To $46.15 per hour

The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:

• Medical, dental, and vision
• HSA contribution and match
• Dependent care FSA match
• Full-time team members receive a minimum of 18 days of annual PTO and 13 paid holidays per year
• Paid parental leave
• 401(k) match
• Personal and healthcare financial literacy programs
• Ongoing education and tuition assistance
• Gym and fitness reimbursement
• Wellness program incentives

Onboarding & Travel

This is a remote role, with an in-person onboarding training component. New team members must participate in Trailhead, Health Equity's immersive onboarding experience. Trailhead participation is a key expectation of this role. Trailhead is held onsite at our headquarters once per quarter. Health Equity covers all required travel and accommodations.

This role may begin with a virtual, self-paced onboarding experience, followed by a mandatory…