
Senior GRC Analyst
Posted 23 hours ago

This is a fully remote position, open to applicants in the United States.
• Assess organizational policies and standards to confirm compliance with both external and internal requirements.
• Enhance the compliance program by implementing improvements, including the integration of AI, automation, and process optimization.
• Analyze security-related language in customer contracts (MSAs, DPAs, BAAs) and RFP/RFI security sections, offering recommendations to the Legal team and the broader GRC team.
• Utilize AI-assisted tools and trust content to respond to customer security questionnaires, applying professional judgment to ensure responses are thorough and precise.
• Collaborate with external auditors and customers as needed, providing them with necessary information and support.
• Update and maintain trust center content and security documentation for customer engagement.
• Conduct vendor security risk assessments and contribute to the third-party risk management initiatives.
• Support the upkeep and development of policy documentation, ensuring clarity and relevance.
• Oversee and assist with internal training programs focused on compliance requirements and best practices.
• Guarantee that Bamboo Health’s security operations align with both internal and external compliance standards, aiding in ongoing audit reviews.
• Clearly communicate Bamboo Health’s compliance status to internal and external stakeholders, providing tangible evidence of policy adherence.
• Collaborate with the larger Information Security team to identify opportunities for continuous improvement within the compliance framework.
• Remain inquisitive about emerging AI tools and their potential to streamline or enhance tasks within your role.
• Bachelor's degree in information security, computer science, or a related discipline, or equivalent experience in a comparable field.
• Preferred certifications in security compliance such as CISSP, CISA, or CRISC.
• Over 5 years of experience in information security, with significant emphasis on compliance, auditing, or risk management.
• Direct experience with security frameworks and certifications such as NIST SP 800-53, HITRUST, HIPAA, and/or FedRAMP.
• Experience in responding to customer security questionnaires and facilitating customer security due diligence processes.
• Background in reviewing security-related language in customer or vendor contracts.
• Knowledge of healthcare data protection requirements (HIPAA) and the associated compliance obligations.
• Proven experience in security auditing and evidence collection for compliance purposes.
• Experience in evaluating security controls for compliance assessments.
• Familiarity with cloud security concepts and practices.
• Exceptional written and verbal communication skills, with an ability to articulate business rationale effectively.
• Strong capacity for quick learning and independent work while being part of a collaborative team.
• Ability to cultivate effective and sustainable relationships internally, with customers, and with external stakeholders.
• Comfort in using or learning AI-supported tools (e.g., ChatGPT, CoPilot, or role-specific tools) to enhance daily operations.
• A forward-thinking and curious attitude with a willingness to explore new technologies.
• Strong analytical and problem-solving skills, paired with sound judgment and creativity in designing solutions.
• Proven ability to excel in fast-paced, high-growth, and rapidly changing environments.
• Ability to work effectively in a remote-first setting, ensuring high-quality virtual interactions with minimal distractions.
• Competitive compensation package, including health, dental, vision, and additional benefits.