A US HealthTech company building AI-powered clinical documentation and patient data platforms is hiring a GRC / Compliance Analyst with cloud expertise to own their compliance programme. You will ensure the company's Azure cloud infrastructure and data practices meet HIPAA, SOC 2 Type II and emerging AI governance requirements.

Role & Responsibilities:
• Own and maintain the SOC 2 Type II compliance programme: control mapping, evidence collection, audit coordination and remediation tracking
• Manage HIPAA compliance across cloud infrastructure, vendor agreements and data handling practices
• Conduct cloud security risk assessments for Azure workloads using CIS Benchmarks, NIST CSF and Microsoft Secure Score
• Build and maintain the GRC platform (OneTrust, Drata or equivalent): control library, risk register and policy management
• Review and negotiate Business Associate Agreements (BAAs) with cloud vendors and technology partners
• Lead the third-party risk management programme: vendor assessments, questionnaire reviews and remediation follow-up
• Support internal audit activities, penetration test coordination and vulnerability remediation tracking
• Prepare compliance reports for executive leadership, the Board and healthcare client security questionnaires

Required Skills & Experience:
• 4+ years of GRC, compliance or audit experience with a cloud and healthcare focus
• Strong knowledge of HIPAA Security Rule requirements and their implementation in cloud environments
• SOC 2 Type II experience — you have been through at least one full audit cycle
• Familiarity with Azure security controls: Microsoft Defender for Cloud, Policy, Security Centre and compliance dashboards
• Experience with GRC platforms: OneTrust, Drata, Vanta or equivalent
• CISA, CRISC or CISSP certification preferred; HCISPP is a strong advantage
• Knowledge of emerging AI governance frameworks (NIST AI RMF, EU AI Act basics) is advantageous

What We Offer:
• Fully remote role on US hours (EST/CST)
• Salary $90,000–$120,000 based on experience
• High-impact compliance role at a company where data integrity directly affects patient outcomes
• Modern GRC stack with investment in automation and continuous compliance tooling

For a compliance professional who understands cloud infrastructure well enough to assess it — not just document it — and wants to work on meaningful healthcare data governance.
Remote · US Hours | $90,000–$120,000