BA

Sr. GRC Analyst

Job summary

Remote (United States)
Legal

Work model

Fully remote
Only United States
1 week ago
Job description

Bamboo Health is the leader in Real-Time Care Intelligence™ solutions aimed at improving lives for everyone experiencing physical and behavioral health challenges. We are driven by our mission to empower clients to deliver seamless, high-quality and cost-effective care during pivotal moments to improve health outcomes.

Summary

Bamboo Health Security designs forward-thinking security solutions across cloud services, identity and access management, virtualization, and third-party integrations. We focus on innovative, scalable practices that meet complex regulatory requirements and support the company's growth. Our team is highly collaborative and committed to both business success and individual development.

We are seeking a Senior Governance, Risk and Compliance (GRC) Analyst to help mature our compliance program, contribute to our audit cycles, and serve as the security interface for our customers. You will evaluate risks, conduct internal reviews, respond to customer security questionnaires, review security-relevant contract language, and use AI and automation to improve efficiency and maturity.

What You'll Do

  • Evaluate organizational policies and standards, ensuring that external and internal compliance requirements are met.
  • Develop improvements to the compliance program, including the use of AI, automation, and process optimization.
  • Review security-relevant language in customer contracts (MSAs, DPAs, BAAs) and RFP/RFI security sections.
  • Respond to customer security questionnaires using AI-assisted tools and trust content.
  • Work with external auditors and customers as necessary.
  • Maintain and update trust center content and customer-facing security documentation.
  • Perform vendor security risk assessments and contribute to the third-party risk management program.
  • Assist in policy documentation upkeep and development.
  • Monitor and assist with internal training programs on compliance requirements.
  • Ensure security operations remain aligned with compliance requirements, contributing to audit reviews.
  • Communicate compliance posture to internal and external stakeholders.
  • Partner with the Information Security team to identify areas for continuous improvement.
  • Stay curious about emerging AI tools to streamline or enhance work.

What Success Looks Like

In 3 months...

  • Understand Bamboo Health's products, organizational structure, and compliance landscape (SOC 2, HITRUST, FedRAMP, etc.).
  • Develop familiarity with policies, risk register, and trust center content.
  • Independently respond to customer security questionnaires and perform vendor security reviews.
  • Build partnerships with InfoSec, Legal, Sales, and cross-functional partners.
  • Incorporate AI-supported tools into day-to-day work.

In 6 months...

  • Actively contribute to audit cycles, including evidence collection and control mapping.
  • Own recurring compliance tasks (e.g., periodic access reviews, policy reviews).
  • Review security-relevant contract language and RFP security sections.
  • Identify compliance gaps and recommend remediation approaches.
  • Produce routine metrics and reporting on assigned work streams.

In 12 months...

  • Independently lead customer security trust activities.
  • Own specific compliance frameworks or domains with minimal oversight.
  • Drive improvements to the GRC program, including expanded use of AI and automation.
  • Contribute meaningfully to audit cycle outcomes.
  • Serve as a trusted subject matter expert and mentor within the Information Security team.

What You Need

  • Bachelor's degree in information security, computer science, or related field, or equivalent experience. CISSP, CISA, or CRISC are preferred.
  • 5+ years of experience in information security, with substantial focus on compliance, audit, or risk management.
  • Direct experience with security frameworks like NIST SP 800-53, HITRUST, HIPAA, and/or FedRAMP.
  • Experience responding to customer security questionnaires and supporting due diligence.
  • Experience reviewing security-relevant language in customer or vendor contracts.
  • Familiarity with healthcare data protection requirements (HIPAA).
  • Demonstrated experience with security auditing and evidence gathering.
  • Familiarity with cloud security concepts and practices.
  • Excellent written and verbal communication skills.
  • Ability to learn quickly and work independently.
  • Comfort using or learning AI-supported tools (e.g., ChatGPT, CoPilot).
  • Ability to work effectively in a remote-first environment.

What You Get

  • Join one of the most innovative healthcare technology companies in the country.
  • Autonomy to build with an enthusiastically supportive team.
  • Learn from world-class investors and advisors.
  • Competitive compensation, including health, dental, vision and other benefits.

Belonging at Bamboo

We Care. #BambooHealthValuesCare

We're a great place to work because we care. We continually seek to learn about our differences and ensure the unique perspectives and contributions of all employees are welcome, valued and celebrated.

Bamboo Health is an equal opportunity employer.

#LI-Remote