Governance, Risk, and Compliance Analyst ( GRC, Remote)

Social network you want to login/join with:

Governance, Risk, and Compliance Analyst (GRC, Remote), remote (UK) / remote (PT), US

col-narrow-left

Client:

SWORD Health, Inc

Location:

remote (UK) / remote (PT), US, United Kingdom

Job Category:

Customer Service

-

EU work permit required:

Yes

col-narrow-right

Job Reference:

ed0d204287b9

Job Views:

15

Posted:

26.04.2025

Expiry Date:

10.06.2025

col-wide

Job Description:

Sword Health is on a mission to free two billion people from pain. With 67% of members achieving a pain-free life and a 70% reduction in surgery intent, at Sword, we are using AI Care to change lives, and save millions for our 25,000+ enterprise clients across three continents. Today, we hold the majority of industry patents, win 70% of competitive evaluations, and have raised more than $300 million from top venture firms like Founders Fund, Sapphire Ventures, General Catalyst, and Khosla Ventures. Recognized as a, this award highlights our focus on being a destination for the best and brightest talent. Not only have we experienced unprecedented growth since our market debut in 2020, but we’ve also created a remarkable mission and value-driven environment that is loved by our growing team. With a recent valuation of $3 billion, we are in a phase of hyper growth and expansion, and we’re looking for individuals with passion, commitment, and energy to help us scale our global impact. Joining Sword means committing to a set of core values, chief amongst them to “do it for the patients” every day, and to always “deliver more than expected” on behalf of our members and clients. This is an opportunity for you to make a significant difference on a massive scale as you work alongside 900+ (and growing!) talented colleagues, spanning three continents. Your charge? To help us build a pain-free world, powered by AI, enhanced by people — accessible to all.

Introduction: As a GRC Analyst, you will play a pivotal role in ensuring Sword’s compliance with complex regulatory frameworks while driving innovation and efficiency in our Governance, Risk, and Compliance (GRC) programs. You will take ownership of key compliance initiatives, like SOC 2 and ISO 27001. This role functions independently to lead audits and improve risk management processes across the organization. This is an exciting opportunity to join a team where you’ll have a direct impact on safeguarding patient data, managing risk, and ensuring that Sword meets the highest security and compliance standards in the industry.

What you'll be doing:

1. Leading the implementation and maintenance of key compliance frameworks such as SOC 2, ISO 27001, HITRUST, and PCI-DSS;
2. Working closely with the Director of Risk and Compliance to continuously improve Sword’s GRC programs, driving initiatives to meet high compliance standards across Healthcare and AI;
3. Taking full ownership of specific compliance certifications and audits, ensuring timely and effective execution;
4. Mentoring and supporting junior team members, fostering a culture of continuous learning and improvement in the compliance function;
5. Conducting comprehensive risk assessments, including third-party vendor risk management, and proposing strategies to mitigate identified risks;
6. Spearheading internal and external audits for current and future compliance initiatives, ensuring accurate and efficient audit preparation and follow-up;
7. Developing and enhancing processes related to security questionnaires, client security assessments, and compliance training at all organizational levels.

What you need to have:

1. 5+ years of hands-on experience in Information Security certifications with proven success leading complex frameworks like SOC 2, ISO 27001, PCI-DSS, and HITRUST independently;
2. Demonstrated experience in conducting and leading audits and maintaining compliance in highly regulated and complex environments such as Healthcare and AI;
3. Excellent communication and leadership skills, with a demonstrated ability to mentor junior team members and communicate compliance requirements effectively to non-technical audiences;
4. Strong analytical and problem-solving skills, with a proactive calculated approach to mitigating compliance risks;
5. Self-starter approach with the ability to operate with minimal supervision

We'd Love to see:

1. A strategic mindset with the ability to identify process improvements and drive compliance initiatives across multiple teams;
2. Strong track record of implementing and/or improving Risk Management Programs, including third-party risk management; Experience with FedRAMP or similar government-focused compliance frameworks;
3. Practical knowledge of security practices, including Penetration Testing, DevSecOps, or other hands-on security skills that can enhance compliance work;
4. In-depth knowledge of relevant laws, regulations, and security standards, particularly in the healthcare sector;
5. Previous experience in a healthcare startup.
6. Demonstrated ability to balance long-term compliance strategy with short-term tactical needs

€50,378 - €65,750 a year. Base: €24,455 - €38,430. Variable: €2,446 - €3,843. Net equity value per year: €23,477. These compensation bands are just the starting point. Once someone joins and proves they’re outlier talent, we adjust quickly to ensure their compensation aligns with their impact. Our job titles may span more than one career level. Actual pay is determined by skills, qualifications, experience, location, market demand, and other factors. Compensation details listed in this posting reflect the base salary and any potential variable, bonus or sales incentives, and the Company’s estimation of the value of private company stock options, if applicable. The pay range is subject to change, future value of company stock options is not guaranteed, and compensation may be modified in the future. In addition to our total compensation, Sword offers a number of benefits as listed below.