Senior GRC Analyst

Garner’s mission is to transform the healthcare economy, delivering high-quality and affordable care for all. 

We are fundamentally reimagining how healthcare works in the U.S. by partnering with employers to redesign healthcare benefits using clear incentives and powerful, data-driven insights. Our approach guides employees to higher-quality, lower-cost care, creating a system that works better for everyone. Patients achieve better health outcomes, employers spend healthcare dollars more effectively, and physicians are rewarded for delivering exceptional care rather than performing more procedures. 

Garner is one of the fastest-growing healthcare technology companies in the country. Our products are trusted by the most sophisticated employers and providers in the industry, and we are building a team of talented, mission-driven individuals who are motivated to make a meaningful impact on healthcare at scale.

About the role:

We are looking for a Senior GRC Analyst to join our Technical Compliance team to ensure Garner’s compliance posture across security frameworks such as ISO 27001, SOC 2, HITRUST, and HIPAA. As a Senior GRC Analyst, you will run our internal audits, guide our external assessments, and partner with teams across Engineering, Product, People, and Legal so that our controls are designed well, operating effectively, and continuously improving. Our Technical Compliance team safeguards Garner’s sensitive healthcare data and protects the trust of our members, clients, and partners by maintaining a strong control environment and regulatory compliance. The work you do here has a direct impact on our ability to win and retain enterprise customers, expand into new lines of business, and scale securely as we grow.

Where you will work:

This role is open to remote candidates across the U.S. For candidates based in New York City, the position follows a hybrid schedule with in-office work required Tuesday, Wednesday, and Thursday each week.

What you will do:

• Manage and support our compliance certifications, including SOC 2, HITRUST, and ISO 27001 audits and run control testing across the audit lifecycle
• Serve as the subject matter expert across the company on our compliance frameworks
• Serve as the primary point of contact for external auditors and assessors
• Manage Garner’s Security and Privacy trust center
• Maintain the risk register and drive risk identification, scoring, and reporting
• Manage the maintenance of our compliance policies, standards, and procedures
• Report on our compliance posture to senior leadership
• Scale our GRC function with AI and automation, building quick wins and scoping requirements for Engineering to fully automate the rest

The ideal candidate has:

• 5+ years of experience in GRC, IT audit, or information security compliance
• Prior experience with HITRUST, SOC 2, and ISO 27001 audits
• Hands-on experience with control design, evidence collection, and remediation in a cloud-native engineering environment
• Proven ability to adapt your communication style across engineers, operators, and executives
• A GRC Engineering mindset with prior experience using scripting and LLMs to automate repetitive tasks
• Industry certifications such as CISA, CISM, CISSP, CRISC, or ISO 27001 Lead Auditor preferred
• A desire to be a part of a high-performing, mission-driven team that operates with intense urgency, a strong sense of individual accountability, and a commitment to authentic feedback

Technologies we use: 

• AWS, Okta, Datadog, Retool, Gitlab, Vanta

This is a unique opportunity to join a fast-growing company in a transformative role, helping shape the future of healthcare.

Compensation Transparency:

The target salary range for this position is $132,000 - $165,000. Individual compensation for this role will depend on various factors, including qualifications, skills, and applicable laws. In addition to base compensation, this role is eligible to participate in our equity incentive and competitive benefits plans, including but not limited to: flexible PTO, Medical/Dental/Vision plan options, 401(k), Teladoc Health and more.