Senior GRC Analyst

We are looking for a Senior GRC Analyst to join our Technical Compliance team to ensure Garner’s compliance posture across security frameworks such as ISO 27001, SOC 2, HITRUST, and HIPAA. As a Senior GRC Analyst, you will run our internal audits, guide our external assessments, and partner with teams across Engineering, Product, People, and Legal so that our controls are designed well, operating effectively, and continuously improving. Our Technical Compliance team safeguards Garner’s sensitive healthcare data and protects the trust of our members, clients, and partners by maintaining a strong control environment and regulatory compliance. The work you do here has a direct impact on our ability to win and retain enterprise customers, expand into new lines of business, and scale securely as we grow.

This role is open to remote candidates across the U.S. For candidates based in New York City, the position follows a hybrid schedule with in-office work required Tuesday, Wednesday, and Thursday each week.

• Manage and support our compliance certifications, including SOC 2, HITRUST, and ISO 27001 audits and run control testing across the audit lifecycle
• Serve as the subject matter expert across the company on our compliance frameworks
• Serve as the primary point of contact for external auditors and assessors
• Manage Garner’s Security and Privacy trust center
• Maintain the risk register and drive risk identification, scoring, and reporting
• Manage the maintenance of our compliance policies, standards, and procedures
• Report on our compliance posture to senior leadership
• Scale our GRC function with AI and automation, building quick wins and scoping requirements for Engineering to fully automate the rest

• 5+ years of experience in GRC, IT audit, or information security compliance
• Prior experience with HITRUST, SOC 2, and ISO 27001 audits
• Hands-on experience with control design, evidence collection, and remediation in a cloud-native engineering environment
• Proven ability to adapt your communication style across engineers, operators, and executives
• A GRC Engineering mindset with prior experience using scripting and LLMs to automate repetitive tasks
• Industry certifications such as CISA, CISM, CISSP, CRISC, or ISO 27001 Lead Auditor preferred
• A desire to be a part of a high-performing, mission-driven team that operates with intense urgency, a strong sense of individual accountability, and a commitment to authentic feedback

• AWS, Okta, Datadog, Retool, Gitlab, Vanta

This is a unique opportunity to join a fast-growing company in a transformative role, helping shape the future of healthcare.

The target salary range for this position is $132,000 - $165,000. Individual compensation for this role will depend on various factors, including qualifications, skills, and applicable laws. In addition to base compensation, this role is eligible to participate in our equity incentive and competitive benefits plans, including but not limited to: flexible PTO, Medical/Dental/Vision plan options, 401(k), Teladoc Health and more.