Now is the time to join us! 

Who are you?

We are seeking a motivated and detail-oriented GRC Analyst I to join our Governance, Risk, and Compliance team. This entry-level role offers an exciting opportunity to gain hands-on experience in compliance, risk management, and governance initiatives while contributing to the organization's mission of maintaining robust security and compliance frameworks.

In this role you will wear many hats, but your knowledge will be essential in the following:  

• Assist in the development, implementation, and maintenance of policies, procedures, and standards to support governance objectives.
• Ensure policies are stored, distributed, and tracked appropriately for organizational awareness and compliance.
• Support policy exception tracking and documentation.
• Conduct initial assessments for identified risks, documenting findings, and escalating them to senior team members for further analysis.
• Support risk monitoring activities by collecting data, maintaining risk registers, and preparing reports.
• Assist in tracking mitigation plans and ensuring timely resolution of identified risks.
• Help facilitate compliance activities related to frameworks such as SOC 2, ISO 27001, HIPAA, GDPR, HITRUST CSF and other relevant standards.
• Collect evidence for audits and compliance assessments, ensuring accurate and timely submissions.
• Track findings from audits or assessments and follow up on remediation efforts.
• Assist in the preparation and delivery of employee training on compliance policies and procedures.
• Support awareness campaigns to promote a culture of security and compliance throughout the organization.
• Documentation and Reporting
• Maintain and update documentation related to compliance, risk management, and governance activities.
• Assist in preparing reports on compliance status, risk metrics, and audit progress for internal stakeholders.

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

What you bring to the Personify Health Team:

• Bachelor’s degree in information security, Computer Science, Business Administration, or a related field.
• 0–2 years of experience in GRC, compliance, risk management, or related fields (internships or academic projects may be considered).
• Basic understanding of regulatory standards and frameworks (e.g., SOC 2, ISO 27001, GDPR, HIPAA) is a plus.

You also take pride in offering the following Core Skills, Competencies, and Characteristics:

• Strong organizational and time-management skills, with the ability to handle multiple priorities effectively.
• Excellent attention to detail and accuracy in all tasks.
• Strong written and verbal communication skills.
• Basic proficiency with productivity tools such as Microsoft Office Suite (Excel, Word, PowerPoint).
• Familiarity with GRC tools or platforms is a plus but not required.
• A willingness to learn and grow in the field of GRC.

No candidate will meet every single desired qualification. If your experience looks a little different from what we’ve identified and you think you can bring value to the role, we’d love to learn more about you!

Personify Health is an equal opportunity organization and is committed to diversity, inclusion, equity, and social justice.

We strive to cultivate a work environment where differences are celebrated, and employees of all backgrounds are empowered to thrive. Personify Health is committed to driving Diversity, Equity, Inclusion and Belonging (DEIB) for all stakeholders: employees (at each organization level), members, clients and the communities in which we operate. Diversity is core to who we are and critical to our work in health and wellbeing.