Governance, Risk, and Compliance Senior Analyst ( GRC, Remote)

Social network you want to login/join with:

col-narrow-left

SWORD Health, Inc

remote (UK) / remote (PT), US, United Kingdom

Other

-

Yes

col-narrow-right

96ea48f583cb

4

21.05.2025

05.07.2025

col-wide

Sword Health is on a mission to free two billion people from pain. With 67% of members achieving a pain-free life and a 70% reduction in surgery intent, at Sword, we are using AI Care to change lives, and save millions for our 25,000+ enterprise clients across three continents. Today, we hold the majority of industry patents, win 70% of competitive evaluations, and have raised more than $300 million from top venture firms like Founders Fund, Sapphire Ventures, General Catalyst, and Khosla Ventures. Recognized as a leader in our field, this award highlights our focus on being a destination for the best and brightest talent. Since our market debut in 2020, we’ve experienced unprecedented growth and created a mission and values-driven environment that our team loves. Valued at $3 billion, we are in a phase of hyper-growth and expansion, seeking passionate, committed, and energetic individuals to help us scale our global impact. Joining Sword means committing to core values such as “do it for the patients” and “deliver more than expected.” This is your chance to make a significant difference on a massive scale, working with over 900 talented colleagues across three continents. Our goal? To build a pain-free world, powered by AI and enhanced by people — accessible to all.

Introduction: As a GRC Analyst, you will play a pivotal role in ensuring Sword’s compliance with complex regulatory frameworks while driving innovation and efficiency in our Governance, Risk, and Compliance (GRC) programs. You will take ownership of key compliance initiatives, like SOC 2 and ISO 27001. This role functions independently to lead audits and improve risk management processes across the organization. This is an exciting opportunity to join a team where you’ll have a direct impact on safeguarding patient data, managing risk, and ensuring that Sword meets the highest security and compliance standards in the industry.

What you'll be doing:

1. Leading the implementation and maintenance of key compliance frameworks such as SOC 2, ISO 27001, HITRUST, and PCI-DSS;
2. Working closely with the Director of Risk and Compliance to continuously improve Sword’s GRC programs, driving initiatives to meet high compliance standards across Healthcare and AI;
3. Taking full ownership of specific compliance certifications and audits, ensuring timely and effective execution;
4. Mentoring and supporting junior team members, fostering a culture of continuous learning and improvement in the compliance function;
5. Conducting comprehensive risk assessments, including third-party vendor risk management, and proposing strategies to mitigate identified risks;
6. Spearheading internal and external audits for current and future compliance initiatives, ensuring accurate and efficient audit preparation and follow-up;
7. Developing and enhancing processes related to security questionnaires, client security assessments, and compliance training at all organizational levels.

What you need to have:

1. 5+ years of hands-on experience in Information Security certifications with proven success leading complex frameworks like SOC 2, ISO 27001, PCI-DSS, and HITRUST independently;
2. Demonstrated experience in conducting and leading audits and maintaining compliance in highly regulated and complex environments such as Healthcare and AI;
3. Exceptional communication skills in English, both written and spoken — your documents should read as if written by a native speaker, and your spoken English should never be a barrier to understanding;
4. Strong analytical and problem-solving skills, with a proactive calculated approach to mitigating compliance risks;
5. Self-starter approach with the ability to operate with minimal supervision

We'd Love to see:

1. A strategic mindset with the ability to identify process improvements and drive compliance initiatives across multiple teams;
2. Strong track record of implementing and/or improving Risk Management Programs, including third-party risk management; Experience with FedRAMP or similar government-focused compliance frameworks;
3. Practical knowledge of security practices, including Penetration Testing, DevSecOps, or other hands-on security skills that can enhance compliance work;
4. In-depth knowledge of relevant laws, regulations, and security standards, particularly in the healthcare sector;
5. Previous experience in a healthcare startup;
6. Demonstrated ability to balance long-term compliance strategy with short-term tactical needs

£44,534 - £69,983 a year. Total compensation ranges from £44,534 to £69,983, including base salary (£35,000 - £55,000), variable pay (£1,750 - £2,750), and net equity value (£7,784 - £12,233). These figures are starting points; as you prove your talent, compensation may be adjusted. Our titles may span multiple levels; pay depends on skills, qualifications, experience, location, market demand, and other factors. Compensation details include base salary, incentives, and potential stock options. Future values are not guaranteed, and compensation may change. Besides salary, Sword offers various benefits.