Security Compliance Analyst, GRC
Role Overview
This mid-level Security GRC Analyst role supports and matures governance, risk, and compliance programs in a fast-paced healthcare tech environment. Day-to-day, you'll maintain compliance with frameworks like NIST, HIPAA, and ISO, coordinate audits, manage third-party risks, and ensure secure AI/ML system practices. You'll partner with cross-functional teams to drive risk management initiatives and enable secure, responsible business scaling.
Perks & Benefits
This is a fully remote position with a flexible work approach, likely requiring collaboration across U.S. time zones. Benefits include competitive salary, equity, unlimited PTO, comprehensive health coverage, 401k matching, and quarterly mental health days. The company fosters a collaborative, cross-functional culture focused on ethics and wellness in a regulated healthcare setting.
Full Job Description
Hims & Hers is the leading health and wellness platform, on a mission to help the world feel great through the power of better health. We are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal, from diagnosis to treatment to delivery. No two people are the same, so we provide access to personalized care designed for results. By normalizing health & wellness challenges and innovating on their solutions, we’re making better health outcomes easier to achieve.
Hims & Hers is a public company, traded on the NYSE under the ticker symbol “HIMS.” To learn more about the brand and offerings, you can visit hims.com/about and hims.com/how-it-works . For information on the company’s outstanding benefits, culture, and its talent-first flexible/remote work approach, see below and visit www.hims.com/careers-professionals.
About the Role:
We are seeking a Security GRC Analyst to support and mature our governance, risk, and compliance program within a fast-paced healthcare technology environment. This role will partner closely with Security, Engineering, Legal, Privacy, Finance, and AI/ML teams to ensure our systems and processes meet regulatory, privacy, and security standards across domestic and international operations.
You will help drive risk management initiatives, maintain compliance with globally recognized frameworks, and support audits while enabling the business to scale securely and responsibly, particularly in environments leveraging AI and automated decision-making systems.
You Will:
Support and maintain security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA
Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks)
Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures
Coordinate and support internal and external audits (e.g., SOX, PCI DSS, SOC 2, ISO, HIPAA)
Track and manage remediation efforts for identified risks, control gaps, and audit findings
Support third-party risk management processes, including vendor assessments for AI/ML and data processing providers
Partner with engineering, data, and AI/ML teams to ensure secure and compliant system and model lifecycle practices
Maintain and improve GRC tooling (e.g., AuditBoard, Vanta, or similar platforms)
Monitor regulatory and framework changes (U.S. and international), including emerging AI governance requirements
Develop and maintain risk registers, control matrices, and compliance documentation
Conduct risk assessments, including technology, security, privacy, and AI/ML model risk evaluations
Assist with security, privacy, and responsible AI awareness and training initiatives
Provide reporting and metrics on risk posture, compliance status, and AI governance maturity
You Have:
Bachelor’s degree in Cybersecurity, Information Security, Information Technology/Systems, or related field
3–5 years of experience in GRC, security compliance, risk management, audit, or related field
Experience supporting audits and compliance assessments
Experience with third-party/vendor risk management
Familiarity with data governance principles (classification, retention, lineage)
Thorough understanding of risk management methodologies and control frameworks
Strong communication, documentation, organizational, and analytical skills
Ability to communicate security, privacy, and AI risk concepts to technical and non-technical stakeholders
Working knowledge of core frameworks: NIST CSF, PCI DSS, HIPAA, ISO 27001/27002, and global privacy regulations (GDPR, CCPA)
Foundational understanding of AI/ML systems and associated governance, risk, and compliance considerations (NIST AI RMF, ISO 42001)
Familiarity with cloud environments (AWS primary, Google Workspace/MS Azure preferred) and modern SaaS architectures
Experience with GRC tools (AuditBoard, Vanta, Drata, Archer, ServiceNow GRC, or similar) and ticketing/workflow/documentation tools (Jira, Freshservice, Confluence, GitHub, etc.)
Preferred Qualifications
Professional certifications such as CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor
Experience with compliance automation and continuous monitoring
Experience supporting or implementing ISO 27001 and/or ISO 42001 programs
Experience operationalizing privacy programs aligned to GDPR and global privacy standards
Understanding of AI governance frameworks and emerging standards (e.g., NIST AI RMF, ISO 42001)
Experience working with AI/ML systems lifecycle governance
Exposure to incident response, particularly involving data privacy or AI-related risks
Experience in healthcare or other highly regulated industries
What We’re Looking For
Strong understanding of security, privacy, and AI governance principles
Ability to balance regulatory requirements with business agility
Collaborative and cross-functional mindset
Proactive problem-solver
Strong communicator
Additional Information
Remote-friendly position
Operates in a fast-paced, regulated healthcare environment
Focus on secure, compliant, and responsible AI-driven growth
Our Benefits (there are more but here are some highlights):
Competitive salary & equity compensation for full-time roles
Unlimited PTO, company holidays, and quarterly mental health days
Comprehensive health benefits including medical, dental & vision, and parental leave
Employee Stock Purchase Program (ESPP)
401k benefits with employer matching contribution
Offsite team retreats
We are committed to building a workforce that reflects diverse perspectives and prioritizes ethics, wellness, and a strong sense of belonging. If you're excited about this role, we encourage you to apply—even if you're not sure if your background or experience is a perfect match.
Hims considers all qualified applicants for employment, including applicants with arrest or conviction records, in accordance with the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance, the California Fair Chance Act, and any similar state or local fair chance laws.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Hims & Hers is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please contact us at accommodations@forhims.com and describe the needed accommodation. Your privacy is important to us, and any information you share will only be used for the legitimate purpose of considering your request for accommodation. Hims & Hers gives consideration to all qualified applicants without regard to any protected status, including disability. Please do not send resumes to this email address.
To learn more about how we collect, use, retain, and disclose Personal Information, please visit our Global Candidate Privacy Statement.
Similar jobs
Found 6 similar jobs