Governance Risk & Compliance Analyst
USA - Remote
Full Time Entry-level / Junior USD 115K - 154K
DoseSpot
DoseSpot is a certified ePrescribing platform trusted by healthcare providers. It helps healthcare professionals work faster and safer. Request a Demo now.PE-backed start-up, DoseSpot is a dynamic and innovative leader in the electronic prescribing software market, and its subsidiary, pVerify, is an industry leading insurance verification solution. We are on a hyper-growth curve at the intersection of the software and healthcare industries. We need great team members to capitalize on these opportunities and improve the healthcare experience for patients and doctors alike. DoseSpot and pVerify have an exciting opportunity to join a fun and growing team, benefit from strong market tailwinds, and be part of an exciting opportunity to ensure mission-critical prescriptions and verifications are delivered on time and without error.
The Role:
As the Governance Risk & Compliance (GRC) Analyst, you will be a critical force in operationalizing and evolving DoseSpot’s security and compliance programs. You’ll collaborate cross-functionally to drive alignment and industry frameworks, proactively manage risk, and build scalable processes that keep us audit-ready and patient data secure. You’ll own day-to-day of compliance operations – from SOC 2 and HITRUST audits, to refining third-party risk assessments, to supporting the transformation of DoseSpot’s compliance program.
We welcome applicants from all U.S. time zones, though we have a preference for those based in Central or Mountain time zones.
What you'll do:
Managed risk and vulnerability assessments, validation testing, compliance reviews, and audit in accordance with both NIST and HITRUST standards.
Manage and support SOC2 and HITRUST audits.
Conduct and manage recurring risk and vulnerability assessments, control validation, and compliance reviews aligned to NIST, HITRUST, HIPAA, and ISO 27001.
Lead end to end SOC2 and HITRUST audits, including readiness assessments, evidence collection, gap remediation, and audit response.
Proactively manage audit timelines and ensure completeness and accuracy of submissions using GRC tools such as Drata and Vanta.
Promote widespread implementation of HITRUST and NIST based controls across security, engineering, and business operations.
Maintain an organized, audit-ready repository of evidence and artifacts through GRC platforms.
Inform stakeholders of risk management concerns.
Translate risk and compliance insights into clear, actionable updates for security, IT, product, and legal teams.
Manage the development, maintenance, and version control of security policies and standards ensuring compliance with emerging regulations and company practices
Support vendor due-diligence process and help to lead and define the overall third-party risk management (TPRM) efforts.
What you'll bring:
Bachelor’s degree in information security or related field.
5+ years of experience in information security, with an emphasis on risk and compliance.
At least 3+ years of experience managing SOC2 and HITRUST audits
Thorough understanding of regulatory and compliance requirements, including HIPAA
Familiarity with ISMS and security frameworks, including NIST, HITRUST, ISO27001
Knowledge of identity management standards, storage, and disaster recovery in the cloud.
Knowledge of GRC tools and best practices, including solutions such as Vanta, Drata, OneTrust
Proven track record of organizing and carrying out several risk and compliance projects independently.
Ability to manage third-party audits and organize audit responses in detail proactively.
Effective written and verbal communication skills and capability to communication and collaborate with cross-functional teams
CISA, CISM, CRISM, or CISSP certifications are preferred, but not required.
You Will Enjoy This Role If:
You like to be hands on and work with GRC tools to better automate and operationalize GRC programs.
You enjoy collaborating with teams on risk management.
Benefits & Perks:
🌍Remote work environment with a flexible work schedule to encourage work-life balance
✈Annual company offsite
🌴Generous leave package including flexible time off policy that encourages team members to take time off to relax and recharge; plus 13 paid holidays, paid sick leave, and paid parental leave
💙 Medical, dental, and vision insurance for you and your family, plus a company funded FSA & HSA (dependent on which medical plan you choose)
💰401(k) company match
💸One-time workspace reimbursement to help you optimize your remote workspace
DoseSpot is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.
Tags: Audits CISA CISM CISSP Cloud Compliance Governance HIPAA HITRUST ISMS ISO 27001 NIST Risk assessment Risk management SOC SOC 2
Perks/benefits: 401(k) matching Flex hours Flex vacation Health care Insurance Medical leave Parental leave Startup environment
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.