Senior GRC Analyst

We are fundamentally reimagining how healthcare works in the U.S. by partnering with employers to redesign healthcare benefits using clear incentives and powerful, data-driven insights. Our approach guides employees to higher-quality, lower-cost care, creating a system that works better for everyone. Patients achieve better health outcomes, employers spend healthcare dollars more effectively, and physicians are rewarded for delivering exceptional care rather than performing more procedures. 

Garner is one of the fastest-growing healthcare technology companies in the country. Our products are trusted by the most sophisticated employers and providers in the industry, and we are building a team of talented, mission-driven individuals who are motivated to make a meaningful impact on healthcare at scale.

We are looking for a Senior GRC Analyst to join our Technical Compliance team to ensure Garner’s compliance posture across security frameworks such as ISO 27001, SOC 2, HITRUST, and HIPAA. As a Senior GRC Analyst, you will run our internal audits, guide our external assessments, and partner with teams across Engineering, Product, People, and Legal so that our controls are designed well, operating effectively, and continuously improving. Our Technical Compliance team safeguards Garner’s sensitive healthcare data and protects the trust of our members, clients, and partners by maintaining a strong control environment and regulatory compliance. The work you do here has a direct impact on our ability to win and retain enterprise customers, expand into new lines of business, and scale securely as we grow.

This role is open to remote candidates across the U.S. For candidates based in New York City, the position follows a hybrid schedule with in-office work required Tuesday, Wednesday, and Thursday each week.

• →Manage and support our compliance certifications, including SOC 2, HITRUST, and ISO 27001 audits and run control testing across the audit lifecycle
• →Serve as the subject matter expert across the company on our compliance frameworks
• →Serve as the primary point of contact for external auditors and assessors
• →Manage Garner’s Security and Privacy trust center
• →Maintain the risk register and drive risk identification, scoring, and reporting
• →Manage the maintenance of our compliance policies, standards, and procedures
• →Report on our compliance posture to senior leadership
• →Scale our GRC function with AI and automation, building quick wins and scoping requirements for Engineering to fully automate the rest

• 5+ years of experience in GRC, IT audit, or information security compliance
• Prior experience with HITRUST, SOC 2, and ISO 27001 audits
• Hands-on experience with control design, evidence collection, and remediation in a cloud-native engineering environment
• Proven ability to adapt your communication style across engineers, operators, and executives
• A GRC Engineering mindset with prior experience using scripting and LLMs to automate repetitive tasks
• Industry certifications such as CISA, CISM, CISSP, CRISC, or ISO 27001 Lead Auditor preferred
• A desire to be a part of a high-performing, mission-driven team that operates with intense urgency, a strong sense of individual accountability, and a commitment to authentic feedback

• AWS, Okta, Datadog, Retool, Gitlab, Vanta

This is a unique opportunity to join a fast-growing company in a transformative role, helping shape the future of healthcare.

Please be aware of recent job scam attempts. Our recruiters use getgarner.com and garnerhealth.com email domains exclusively. If you have been contacted by someone claiming to be a Garner recruiter or a hiring manager from a different domain about a potential job, please report it to law enforcement here and to candidateprotection@garnerhealth.com.

Garner Health is proud to be an Equal Employment Opportunity employer and values diversity in the workplace. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.

Garner Health is committed to providing accommodations for qualified individuals with disabilities in our recruiting process. If you need assistance or an accommodation due to a disability, you may contact us at talent@garnerhealth.com.