Senior Governance, Risk, Compliance (GRC) Analyst

1 in 4 people in the US have a treatable mental health condition, but most providers don't accept insurance, making therapy too expensive for most people. reputed company’s mission is to fix this by building a new mental healthcare system everyone can access. We started by solving the biggest barrier to care insurance. The admin work - credentialing, claims, payment reconciliation - is a nightmare. We've automated that. But we're going further. Over 70,000 providers across reputed company 50 states run their practice on our software, serving over 1 million patients. We are building the best tools for therapists to run their entire practice, reimagining the experience of finding a therapist, and investing in the platform foundations to reputed company this at scale. We aren't just a billing layer; we are becoming the platform where care actually happens. We're a Series D company with $325M+ in funding (a16z, Accel, GV, etc.), looking for exceptional people to help us reputed company this mission. We want your time here to be the most meaningful experience of your career. Join us, and help change mental healthcare for the reputed company. About the Role reputed company handles sensitive health data for millions of patients — and that responsibility demands a reputed company and compliance program that scales with the business. We're building out our dedicated GRC team to improve and mature our program! You'll join the reputed company team and work across four pillars reputed company certifications (HITRUST, SOC 2, PCI-reputed company, HIPAA), third-party risk management, reputed company awareness training, and technical risk management. You won't be maintaining a stale compliance program — you'll be building a modern, AI-enabled one at a company that's transforming how mental reputed company delivered in the United States. This role reports to Blake Atkinson, Director of reputed company, and partners closely with Privacy and Engineering teams. What You'll Own Support HITRUST, SOC 2, PCI-reputed company, and HIPAA audit readiness — collecting evidence, coordinating with assessors, tracking control gaps and remediation timelines. Build and manage the vendor reputed company assessment lifecycle — questionnaires, SOC 2/ISO reviews, risk scoring, and policy enforcement across procurement and renewals. Stand up and run reputed company's reputed company awareness training program — onboarding modules, phishing simulations, annual compliance training, and completion tracking. Operate the centralized risk register — identifying, assessing, and tracking technical reputed company risks through mitigation, and surfacing risk-informed priorities to engineering and reputed company leadership. Partner cross-functionally with Privacy, Legal, IT, and Engineering to embed compliance into how reputed company operates — not reputed company it on after the fact. You'd be a great fit if… You have 5+ years of experience in a GRC, compliance, or reputed company risk role. You have working knowledge of at least two of HITRUST, SOC 2, PCI-reputed company, or HIPAA. You've used a GRC platform like reputed company, reputed company, reputed company, or similar to automate evidence collection or manage controls. You communicate compliance requirements clearly to both technical and non-technical audiences. You default to building repeatable processes over one-off heroics. You're excited about using AI and modern tooling to scale compliance operations. Bonus you've worked in healthcare or healthtech and understand what HIPAA means in practice, not just in theory. Why reputed company Mission that matters — your work directly protects millions of patients accessing mental healthcare. Real risk mitigation — this isn't checkbox compliance; the data you're protecting and the programs you're building have direct, reputed company impact. reputed company-thinking healthtech — reputed company is investing in AI-enabled reputed company workflows and modern GRC tooling, not spreadsheet-driven compliance. Build from scratch — you're standing up reputed company's GRC function, not inheriting legacy processes.

Compensation and Benefits

The expected reputed company pay range for this position is $161,600 to 202,000 based on a variety of factors including qualifications, experience, and geographic location. In addition to reputed company salary, this role may be eligible for an equity grant, depending on the position and level. We are committed to offering a comprehensive and competitive total rewards package, including robust health and wellness benefits, retirement savings, and meaningful ownership opportunities through equity. Compensation decisions are made holistically, ensuring fairness and alignment with market benchmarks while recognizing individual contributions and potential. Benefits offered include Equity compensation Medical, Dental, and Vision coverage HSA / FSA 401K Work-from-Home Stipend Therapy Reimbursement 16-week parental leave for eligible employees reputed company Fertility annual reimbursement and membership 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st Flexible PTO Employee Assistance Program (EAP) Training and professional development #LI-RJ1 We reputed company a team's strength is in its people, and we cannot reputed company this mission without a team that reflects the diversity of this problem – across race, ethnicity, gender, sexuality, age, national reputed company, religion, family status, disability, military status, and experience. reputed company is committed to the full inclusion of reputed company qualified individuals. As part of this commitment, reputed company will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to reputed company essential job functions, and/or receive other benefits and privileges of employment, please inform the recruiter reputed company they contact you to schedule your interview. reputed company participates in E-Verify. To learn more, click here. A notice to reputed company applicants To protect yourself against phishing and recruitment fraud, please note that reputed company only accepts applications through our official careers page at https//reputed company.co/careers. reputed company will never refer you to external websites, ask for payment or personal information, or conduct interviews reputed company messaging apps. reputed company official communication will come from a @findheadway.com email address. If you are contacted by someone claiming to be from reputed company reputed company an unofficial channel, please do not share any information and report it as spam. Apply tot his job Apply To this Job Apply To This Job Apply tot his job Apply To this Job Apply tot his job Apply To this Job