Posted Jun 2, 2026

GRC Support - Hybrid | Houston, TX

About the position

We are seeking a hands-on GRC Analyst to support a mission-driven healthcare organization. In this role, you will be the "boots on the ground" for risk assessments, risk register management, and day-to-day GRC operations. If you are a self-starter who can hit the ground running with minimal ramp-up time, this is an excellent opportunity to manage high-impact compliance and security initiatives in a fast-paced clinical environment.

Responsibilities

• Conduct comprehensive vendor and application risk assessments, including evaluations of emerging technologies.
• Maintain and update the organizational risk register, including rigorous analysis, documentation, and evidence tracking.
• Manage the intake process, coordinate documentation, and handle follow-ups to ensure operational continuity.
• Assist with broader governance initiatives and provide support for the Data Loss Prevention (DLP) program.
• Ensure all activities align with HIPAA and other relevant healthcare regulatory requirements.
• Prepare clear, actionable reports and dashboards for key stakeholders.

Requirements

• 3–5 years of dedicated experience in GRC, IT Risk, or Compliance.
• Strong understanding of IT/Security controls and experience with GRC tools (e.g., Archer, ServiceNow, OneTrust, ZenGRC).
• Deep familiarity with HIPAA and healthcare-specific compliance challenges.
• Proven ability to manage a risk register and conduct assessments independently.
• Ability to work onsite in the Bellaire area every Tuesday.

Nice-to-haves

• Prior experience specifically within a hospital or healthcare provider system.
• Working knowledge of NIST, ISO 27001, or SOC 2.
• CISA, CRISC, or CISSP are highly desirable.

Benefits

• Hybrid schedule with only one required day in the office per week.
• Direct involvement in high-level risk and compliance strategy.