Sr. GRC Compliance Analyst

Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient, end-to-end healthcare experience spanning from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has helped millions of patients in nearly every single county in the United States, including 98% of primary care deserts.
The healthcare system today is not designed to help patients achieve their goals. It’s designed around institutions such as hospitals and insurance companies. A patient centric healthcare system is one that is designed around the goals a patient wants to achieve. We’re building healthcare that puts patients in control, provides reactive and proactive care, has transparent pricing and process, is extremely effective and ridiculously convenient, and evolves over time based on patients’ goals.
Ro has been recognized as a Fortune Best Workplace in New York and Health Care for four consecutive years (2021-2024). In 2023, Ro was also named Best Workplace for Parents for the third year in a row. In 2022, Ro was listed as a CNBC Disruptor 50.
The Governance Risk and Compliance Sr. Analyst role will be a core member of Ro’s GRC team. The GRC team enables Ro to manage risk by vigorously assessing our operations against leading compliance frameworks and standing legislation. This individual contributor role will be a key player leading audit readiness program and other key risk initiatives.

What You'll Do:

• Lead Audit Readiness program, overseeing and driving  Ro’s audit readiness initiatives for both internal and external audits, ensuring full preparation and alignment with compliance requirements.
• Own and maintain the cyber risk register, collaborating with risk owners to quantify risks and develop remediation plans.
• Own Ro’s security and privacy policy program.
• Develop and lead a risk and privacy analytics program that provides business context, supporting informed decision-making.
• Performing vendor risk assessments.

What You'll Bring To The Team:

• 5 years’ experience working with risk and compliance frameworks (HIPAA, NIST, HITRUST, SOC2, PCI)
• 3 years of demonstrated success in audit readiness activities
• Understanding of digital eCommerce platforms, electronic health records (EHR) systems, and traditional business-enabling IT services
• Knowledge of cloud computing platforms (e.g., Amazon Web Services, Microsoft Azure, Google Cloud) and their security and compliance features. 
• Experience with automated, continuous compliance tools such as Vanta, Drata or Tugboat
• Expertise in using Looker (or similar BI tool) to create dashboards, generate reports, and visualize GRC data for stakeholders, with a focus on simplifying complex data into actionable insights.
• Ability to automate data ingestion, transformation, and reporting processes using scripting languages such as Python or JavaScript, particularly for integrating and managing data from APIs.
• Strong analytical and root cause analysis skills
• Demonstrated the ability to operate with fortitude and finesse while navigating compliance topics with stakeholders.
• Kindness, and an ability to communicate to all levels of the organization

Bonus Points:

• Strong experience in GRC applications such as OneTrust or Archer

We've Got You Covered:

• Full medical, dental, and vision insurance + OneMedical membership
• Healthcare and Dependent Care FSA
• 401(k) with company match
• Flexible PTO
• Wellbeing + Learning & Growth reimbursements
• Paid parental leave + Fertility benefits
• Pet insurance
• Student loan refinancing
• Virtual resources for mindfulness, counseling, and fitness

The target base salary for this position ranges from $133,500 to $157,500, in addition to a competitive equity and benefits package (as applicable). When determining compensation, we analyze and carefully consider several factors, including location, job-related knowledge, skills and experience. These considerations may cause your compensation to vary.
Ro recognizes the power of in-person collaboration, while supporting the flexibility to work anywhere in the United States. For our Ro’ers in the tri-state (NY) area, you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area, you will be able to join in-person collaborations throughout the year (i.e., during team on-sites).
At Ro, we believe that our diverse perspectives are our biggest strengths — and that embracing them will create real change in healthcare. As an equal opportunity employer, we provide equal opportunity in all aspects of employment, including recruiting, hiring, compensation, training and promotion, termination, and any other terms and conditions of employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, familial status, age, disability and/or any other legally protected classification protected by federal, state, or local law.
See our California Privacy Policy here.