Job Description: GRC Analyst – HITRUST, SOC 2, and Other Compliance
Frameworks
Position : Governance, Risk, and Compliance (GRC) Analyst
Location : Remote/Onsite (Flexible)
Employment Type : Full-Time
Reports To : Chief Information Security Officer (CISO) or Compliance Lead
Role Overview
Blooming Health is seeking a skilled and motivated GRC Analyst to lead the implementation and maintenance of security compliance programs, including HITRUST , SOC 2 , NIST , OHIP , and other regulatory frameworks as needed. This individual will serve as the primary liaison between internal IT, Security, and Operations teams, as well as external compliance consultants. They will ensure all required policies and procedures are developed, implemented, and continuously monitored, while managing internal audits and preparing necessary reports for certification and regulatory bodies.
This is a pivotal role in ensuring Blooming Health's compliance posture supports secure and scalable growth.
Key Responsibilities
Compliance Program Management
• Develop, implement, and manage compliance programs for frameworks such as HITRUST, SOC 2, NIST 800-53, OHIP, and others relevant to Blooming Health.
• Collaborate with external security compliance consultants to guide and accelerate compliance initiatives.
• Design and maintain policies, procedures, and controls that align with regulatory requirements and industry best practices.
Audits and Assessments
• Conduct internal reviews and audits to assess the effectiveness of security controls, operational processes, and compliance policies.
• Prepare and organize documentation and evidence for external audits, readiness assessments, and certification processes.
• Act as the primary point of contact for external assessors and certification authorities.
Policy and Procedure Development
• Lead the creation, implementation, and enforcement of policies related to security, privacy, and operational compliance.
• Ensure all procedures are documented, communicated, and integrated into daily workflows.
Documentation and Reporting
• Maintain a centralized repository of compliance artifacts for ongoing assessments.
• Generate comprehensive reports for internal leadership, certifying authorities, and regulatory bodies to demonstrate compliance status and progress.
Collaboration and Communication
• Work closely with IT, Security, and Operations teams to implement and verify technical and procedural controls.
• Coordinate with external compliance consultants to ensure alignment with certification goals and timelines.
• Partner with business stakeholders to align compliance activities with operational priorities.
Training and Awareness
• Develop and deliver training programs to educate employees on compliance requirements and best practices.
• Foster a culture of security awareness and accountability across the organization.
Risk Management
• Perform risk assessments to identify vulnerabilities, non-compliance risks, and remediation opportunities.
• Maintain a risk register and track the resolution of identified issues.
• Monitor changes in regulatory requirements and update policies and controls accordingly.
Incident and Breach Management
• Develop and maintain an Incident Response Plan aligned with compliance frameworks like HITRUST and SOC 2.
• Act as a key stakeholder in responding to security incidents, breaches, and non-compliance events.
• Coordinate post-incident activities, including root cause analysis, documentation, and reporting to regulatory authorities if required.
• Ensure incidents are logged and tracked to resolution, with lessons learned feeding into process improvements.
• Conduct regular tabletop exercises to test incident response readiness.
Qualifications
Required Skills and Experience
• 3+ years of proven experience in Governance, Risk, and Compliance roles, preferably in healthcare or technology.
• Strong understanding of frameworks such as HITRUST , SOC 2 , NIST 800-53 , and HIPAA .
• Proven experience conducting internal audits, managing compliance documentation, and preparing for external certifications.
• Familiarity with compliance tools like Vanta , Drata, or Tugboat Logic.
• Knowledge of security controls, including encryption, logging, access management, and vulnerability management.
Technical Skills
• Proficiency with tools such as SIEMs, endpoint protection platforms, and configuration management systems.
• Experience managing policies for cloud-based environments (e.g., AWS, Azure).
• Hands-on experience with security frameworks and automation tools.
Soft Skills
• Excellent communication skills for engaging with technical teams, non-technical stakeholders, and external assessors.
• Strong project management abilities to ensure timely completion of compliance initiatives.
• Detail-oriented with the ability to multitask and prioritize in a dynamic environment.
Preferred Qualifications
• Certifications such as HITRUST Practitioner , CISSP , CISA , CISM , or equivalent.
• Experience implementing compliance programs for multi-framework environments (e.g., SOC 2 + HIPAA + HITRUST).
Why Join Blooming Health?
• Be a key contributor to building a robust compliance program for a mission-driven healthcare startup.
• Work in a collaborative and innovative environment with opportunities for professional growth.
• Competitive salary and benefits package, with flexibility to work remotely or onsite.
...and nicely packed pet foods that they need. We currently have Warehouse Associate openings on 2nd shifts ! Associates receive Medical/Dental... ...Employment Type & Shifts ~ Full Time ~2nd Shift ~ Weekend Shifts Job Responsibilities Warehouse Associate NO warehouse...
...Web Application DeveloperWeb Application DeveloperLOCATION: W.A. Lettinga Campus - Grand Rapids, Michigan*Hybrid/Remote schedule possibleDEPARTMENT: Information Technology - Web/MediaTARGET PAY: $60,000 - $65,000The Role:This position will help maintain the University...
Title: Safety Manager (2 Openings) Location: Monterey Park, CA 91754 Pay: $80 $86/hr. Length: 1 year plus potential renewals Position Description: ~ Perform management oversight of construction...
...individuals to join our awesome studio! StretchLab is seeking personal trainers, massage and physical therapists, and dance/yoga/Pilates... ...day Flexologist Training Program, which includes 20 hours of online tutorials and 3 days of in-person/hands-on training If this...
...oriented and committed to providing outstanding customer experiences every day. A day in a LifeReceive, unload freight, unpack and deliver newly arrived merchandise to selling departm Retail, Seasonal, Fulfillment, Customer Experience, Inventory Control Nordstrom, Inc.