IT Compliance Analyst

As the holiday season approaches, we want to inform you that response times and the hiring process may be slightly extended due to business team schedules. We truly appreciate your patience and understanding during this period and remain committed to keeping you informed as we review applications. Thank you for considering a role at ŌURA—we look forward to learning more about you!

Our mission at Oura is to empower every person to own their inner potential. Our award-winning products help our global community gain a deeper knowledge of their readiness, activity, and sleep quality by using their Oura Ring and its connected app. We've helped 2.5 million people understand and improve their health by providing daily insights and practical steps to inspire healthy lifestyles.

Empowering the world starts with living and empowering our team. As a quickly growing company focused on helping people live healthier and happier lives, we ensure that our team members have what they need to do their best work — both in and out of the office.

We are looking for a highly motivated IT Compliance Analyst to join our IT Operations team. This role is critical for supporting and maturing our compliance programs, including SOC2, HIPAA, HITRUST, and DoD frameworks. As an IT Compliance Analyst, you will play a hands-on role in identifying compliance requirements, supporting audits, and partnering with cross-functional teams, including Security and GRC, to implement IT controls, policies, and procedures, ensuring adherence to regulatory standards and company policies. The ideal candidate has experience creating policies and procedures, a solid understanding of IT operations, and a proactive approach to managing compliance requirements.

What you will do: 

• Policy Development & Maintenance: Develop, maintain, and revise IT compliance policies and procedures, ensuring alignment with industry best practices and regulatory requirements.
• Audit & Compliance Management: Assist in planning and executing compliance audits such as SOC2, HIPAA, and HITRUST, including gathering evidence, preparing audit documentation, and liaising with external auditors.
• Risk Assessment: In collaboration with Security, conduct regular IT risk assessments, identifying gaps in controls, and recommending mitigation actions to minimize potential risks.
• Documentation & Reporting: Maintain comprehensive documentation to support compliance activities and generate regular reports to communicate compliance status to stakeholders.
• Collaboration & Stakeholder Engagement: Work closely with Security, IT Operations, and Legal teams to facilitate compliance-related initiatives and ensure controls are properly implemented.
• Training & Awareness: Provide ongoing training to internal teams on compliance obligations, policies, and best practices to cultivate a culture of compliance.

This is a remote US role with a preference for candidates based on the East Coast. Oura employees in major cities (like Boston or New York) occasionally gather informally at local co-working locations.

We would love to have you on our team if you have:

• Experience: 5+ years of experience in IT compliance, IT operations, or a related GRC role.
• Governance Writing Skills: Exceptional ability to draft clear, concise policies and procedures that are easily understood and practical for end-users.
• Knowledge: Strong understanding of compliance frameworks such as SOC2, HIPAA, HITRUST, NIST 800-171 and other IT-related regulatory requirements.
• Technical Skills: Familiarity with common IT operations tools and systems (e.g., ServiceNow, access management solutions) and experience with compliance documentation.
• Work Management Tools: Proficiency in work management tools such as Jira for tracking and managing project tasks, and Confluence for documentation and collaboration.
• Analytical Skills: Demonstrated ability to analyze processes and identify compliance risks, with excellent attention to detail.
• Communication: Strong written and verbal communication skills, with the ability to work effectively with diverse teams across multiple time zones.
• Remote Collaboration and Travel: Ability to travel as needed and effectively collaborate with remote teams.
• Certifications: Relevant certifications such as CISA, CRISC, or CCEP are a plus

At Oura, we care about you and your well-being. Everyone here at Oura has a ring of their own and we are continually looking to improve employee health and add to our benefits!

What we offer:

• Competitive salary and equity packages
• Health, dental, vision insurance, and mental health resources
• An Oura Ring of your own plus employee discounts for friends & family
• 20 days of paid time off plus 13 paid holidays plus 8 days of flexible wellness time off
• Paid sick leave and parental leave
• Amazing culture of collaborative and passionate coworkers

Oura takes a market-based approach to pay, which may vary depending on your location. US locations are categorized into tiers based on a cost of labor index for that geographic area. While most offers will be closer to the starting range, successful candidates' pay will be determined based on job-related skills, experience, qualifications, work location, internal peer equity, and market conditions. These ranges may be modified in the future.

• Region 1: $112,000 - $140,000
• Region 2: $100,000 - $125,000
• Region 3: $94,000 - $117,000

A recruiter can determine your zones/tiers based on your US location.

Oura is proud to be an equal opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. Individuals seeking employment at Oura are considered without regard to age, ancestry, color, gender (including pregnancy, childbirth, or related medical conditions), gender identity or expression, genetic information, marital status, medical condition, mental or physical disability, national origin, protected family care or medical leave status, race, religion (including beliefs and practices or the absence thereof), sexual orientation, military or veteran status, or any other characteristic protected by federal, state, or local laws. We will not tolerate discrimination or harassment based on any of these characteristics.

We will work to ensure individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

Disclaimer: Beware of fake job offers!
We’ve been alerted to scammers posing as ŌURA recruiters, especially for remote roles. Please note:

• Our jobs are listed only on the ŌURA Careers page and trusted job boards.
• We will never ask for personal information like ID or payment for equipment upfront.
• Official offers are sent through Docusign after a verbal offer, not via text or email.

Stay cautious and protect your personal details.

To all recruitment agencies: Oura does not accept agency resumes. Please do not forward resumes to our jobs alias, Oura employees, or any other organization's location. Oura is not responsible for any fees related to unsolicited resumes.