GRC Analyst

Under the supervision of the Lead Information Security Engineer, the GRC Analyst is responsible for establishing, maintaining, and continuously improving Roadie’s governance, risk, and compliance program to ensure the confidentiality, integrity, availability, and safety of information systems and data. This role supports compliance efforts for HIPAA and SOC2, performs risk assessments across systems, applications, and vendors, and translates regulatory and security requirements into practical, auditable controls. The GRC Analyst partners closely with Engineering, Product, Legal, Information Security, and Operations teams to embed security and privacy-by-design into processes and application development while supporting audits, evidence management, and ongoing risk remediation.

What You’ll Do

• Support and conduct audits to ensure compliance with Roadie directives, and regulatory frameworks including HIPAA and SOC2
• Develop, maintain, and update policies, procedures, and documentation
• Prepare and manage audit evidence, findings, and remediation tracking
• Coordinate with external auditors and internal control owners throughout the audit process
• Identify compliance gaps and support risk treatment and corrective action plans
• Perform risk assessments across systems, applications, and vendors
• Advise teams on security and privacy requirements in system and application design
• Stay current on regulatory standards, compliance requirements, and industry best practices
• Support security and compliance awareness through training and guidance
• Communicate compliance status, risks, and mitigation strategies to stakeholders

What You Bring

• 4+ years of experience in GRC, information security, or compliance, with hands-on audit and risk management experience
• Working knowledge of HIPAA, SOC2, and applicable federal and state regulatory requirements
• Experience translating regulatory and contractual requirements into policies, controls, and evidence
• Strong understanding of risk assessment methodologies, control frameworks, and governance best practices
• Ability to collaborate with technical teams to embed security and privacy requirements into systems and application design
• Experience managing audits and working directly with external auditors
• Excellent analytical, documentation, and stakeholder communication skills
• Relevant certifications such as CISA, CRISC, CISSP
• Experience with ISO, Cloud Infrastructure, and Application Development preferred

Why Roadie? 

• Competitive total rewards package
• 100% company-paid health insurance for yourself
• 401(k) with company match
• Tuition & student loan repayment assistance- yes, we’ll contribute directly to your student loans!
• Remote-first environment
• Unlimited PTO
• Inclusive family leave policy that supports all new parents
• Paid Wellness Days in addition to Company holidays 
• Monthly WFH stipend
• Paid sabbatical leave- tenured Roadies are given extra time to unplug, rest, and explore
• The technology you need to get the job done