GRC Analyst
Under the supervision of the Lead Information Security Engineer, the GRC Analyst is responsible for establishing, maintaining, and continuously improving Roadie’s governance, risk, and compliance program to ensure the confidentiality, integrity, availability, and safety of information systems and data. This role supports compliance efforts for HIPAA and SOC2, performs risk assessments across systems, applications, and vendors, and translates regulatory and security requirements into practical, auditable controls. The GRC Analyst partners closely with Engineering, Product, Legal, Information Security, and Operations teams to embed security and privacy-by-design into processes and application development while supporting audits, evidence management, and ongoing risk remediation.
What You’ll Do
Support and conduct audits to ensure compliance with Roadie directives and regulatory frameworks including HIPAA and SOC2
Develop, maintain, and update policies, procedures, and documentation
Prepare and manage audit evidence, findings, and remediation tracking
Coordinate with external auditors and internal control owners throughout the audit process
Identify compliance gaps and support risk treatment and corrective action plans
Perform risk assessments across systems, applications, and vendors
Advise teams on security and privacy requirements in system and application design
Stay current on regulatory standards, compliance requirements, and industry best practices
Support security and compliance awareness through training and guidance
Communicate compliance status, risks, and mitigation strategies to stakeholders
What You Bring
4+ years of experience in GRC, information security, or compliance, with hands-on audit and risk management experience
Working knowledge of HIPAA, SOC2, and applicable federal and state regulatory requirements
Experience translating regulatory and contractual requirements into policies, controls, and evidence
Strong understanding of risk assessment methodologies, control frameworks, and governance best practices
Ability to collaborate with technical teams to embed security and privacy requirements into systems and application design
Experience managing audits and working directly with external auditors
Excellent analytical, documentation, and stakeholder communication skills
Relevant certifications such as CISA, CRISC, CISSP
Experience with ISO, Cloud Infrastructure, and Application Development preferred
Why Roadie?
Competitive total rewards package
100% company-paid health insurance for yourself
401(k) with company match
Tuition & student loan repayment assistance: yes, we’ll contribute directly to your student loans!
Remote-first environment
Unlimited PTO
Inclusive family leave policy that supports all new parents
Paid Wellness Days in addition to Company holidays
Monthly WFH stipend
Paid sabbatical leave: tenured Roadies are given extra time to unplug, rest, and explore
The technology you need to get the job done
This role is not eligible for visa sponsorship. Applicants must be authorized to work for any employer in the U.S.