# Senior Governance, Risk, Compliance (GRC) Analyst

**Company:** [Headway](https://hotfix.jobs/companies/headway)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $162k – $202k/yr
**Experience:** 5+ years
**Skills:** Hitrust, SOC 2, Pci-Dss, HIPAA, Vanta, Drata, Onetrust, Grc Platforms, Vendor Risk Management, Security Awareness Training, Risk Register, AI Tools
**Posted:** 2026-05-14

> Builds and matures GRC program supporting audits (HITRUST, SOC 2, PCI-DSS, HIPAA), manages vendor risk, security training, and technical risk register. Requires 5+ years GRC experience and knowledge of compliance frameworks.

## Job Description

## What You'll Own

- Support HITRUST, SOC 2, PCI-DSS, and HIPAA audit readiness — collecting evidence, coordinating with assessors, tracking control gaps and remediation timelines.
- Build and manage the vendor security assessment lifecycle — questionnaires, SOC 2/ISO reviews, risk scoring, and policy enforcement across procurement and renewals.
- Stand up and run Headway's security awareness training program — onboarding modules, phishing simulations, annual compliance training, and completion tracking.
- Operate the centralized risk register — identifying, assessing, and tracking technical security risks through mitigation, and surfacing risk-informed priorities to engineering and security leadership.
- Partner cross-functionally with Privacy, Legal, IT, and Engineering to embed compliance into how Headway operates — not bolt it on after the fact.

## You'd be a great fit if…

- You have 5+ years of experience in a GRC, compliance, or security risk role.
- You have working knowledge of at least two of: HITRUST, SOC 2, PCI-DSS, or HIPAA.
- You've used a GRC platform like Vanta, Drata, OneTrust, or similar to automate evidence collection or manage controls.
- You communicate compliance requirements clearly to both technical and non-technical audiences.
- You default to building repeatable processes over one-off heroics.
- You're excited about using AI and modern tooling to scale compliance operations.

**Bonus:** you've worked in healthcare or healthtech and understand what HIPAA means in practice, not just in theory.

## Compensation and Benefits

The expected base pay range for this position is $161,600 to $202,000 based on a variety of factors including qualifications, experience, and geographic location. In addition to base salary, this role may be eligible for an equity grant.

Benefits offered include:

- Equity compensation
- Medical, Dental, and Vision coverage
- HSA / FSA
- 401K
- Work-from-Home Stipend
- Therapy Reimbursement
- 16-week parental leave for eligible employees
- Carrot Fertility annual reimbursement and membership
- 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
- Flexible PTO
- Employee Assistance Program (EAP)
- Training and professional development

## Similar roles

- [Senior Vulnerability Management Engineer](https://hotfix.jobs/jobs/e1c0bc92-8208-4594-bdbc-b75995a79087) - Celonis - New York, NY - $161k – $189k/yr
- [Senior Detection Engineer, Federal](https://hotfix.jobs/jobs/2ef1fb4e-1d9d-44e5-b676-738678d498c5) - Ramp - New York, NY - $160k – $221k/yr
- [Senior Security Engineer, Infrastructure & Network Security](https://hotfix.jobs/jobs/4bc3d67a-e623-4dfb-8bfa-fe2c37c466de) - Metropolis - Los Angeles, CA - $160k – $215k/yr
- [Senior Software Engineer, Information Security](https://hotfix.jobs/jobs/cfb1c219-740b-4c2e-a88a-ee445503e8cf) - Commure - Mountain View, CA - $160k – $190k/yr
- [Risk and Compliance Lead](https://hotfix.jobs/jobs/ff22e575-8f69-42e8-b7e9-fa241fc5a176) - Applied Intuition - Sunnyvale, CA - $160k – $190k/yr

**Apply:** https://hotfix.jobs/jobs/46cda7b8-2ee1-4f79-8da8-17e608bda6c2
**Canonical:** https://hotfix.jobs/jobs/46cda7b8-2ee1-4f79-8da8-17e608bda6c2