Senior Governance & Risk Analyst

Lantern Specialty Care is seeking a Senior Risk & Governance Analyst to join our GRC team as a key individual contributor. This is a newly created role, built to scale our risk and compliance capabilities as we expand our AI-forward healthcare technology platform. You will report directly to the Sr. GRC Manager and play a foundational role across four priority areas: maintaining our risk register, advancing AI risk governance, TPRM, and supporting our HIPAA compliance program.

This is a high-impact, cross-functional role. We are at a critical stage of maturing our GRC program. There is significant greenfield opportunity to build structure where gaps exist, particularly in risk management and AI governance. The ideal candidate is hands-on, comfortable with ambiguity, and excited to leave their fingerprints on programs that will shape the organization’s risk posture for years to come.

Location: Hybrid - at least 3 days/wk in our Dallas, TX office located at 2100 Ross Avenue, Suite 1900, Dallas, Texas 75201

Responsibilities: 

• Support the build-out of Lantern’s risk register by conducting risk identification workshops, defining risk taxonomy, assigning ownership, and establishing likelihood/impact scoring
• Map current control environment against the NIST CSF function; document gaps and develop a prioritized remediation roadmap
• Establish recurring risk review cadence with business unit owners
• Maintain and evolve the risk register as a living document; produce regular risk reporting for leadership
• AI governance framework aligned to the NIST AI RMF — covering model risk assessment, bias considerations, transparency standards, and accountability structures
• Build and maintain an AI systems inventory with risk ratings; assess new use cases before deployment in partnership with Engineering and Product
• Monitor emerging AI regulatory guidance (HHS, EU AI Act, state-level) and translate into actionable controls
• Manage ongoing HIPAA Privacy and Security compliance programs: gap assessments, remediation tracking, and workforce training coordination
• Support SOC 2 Type II, HITRUST CSF, and other applicable audit cycles
• Support TPRM activities including vendor risk assessments and vendor tiering maintenance

Requirements:

• Bachelor’s degree in Information Security, Healthcare Administration, Computer Science, or related field
• A minimum of 5 years’ experience in GRC, compliance, or information security
• A minimum of 3 years’ experience in healthcare or health-tech industries
• Direct & Hands-on experience with the following:
• Building or significantly maturing a risk register
• Performing or supporting HITRUST and/or SOC 2 audits
• HIPAA Privacy/Security Rule compliance programs
• NIST CSF or ISO 27001
• AI Specific Risk Management Frameworks such as NIST AI RMF or Similar frameworks

Certifications (Preferred)

• CISA, CRISC, CISSP, CHC, or CHPC highly desirable
• HITRUST CCSFP a strong plus

Technical Skills

• Proficiency with a GRC platform (Vanta, Drata, ServiceNow GRC, OneTrust, or equivalent)
• Working knowledge of AI/ML risk concepts and the NIST AI RMF
• Experience with third-party risk tools and structured vendor assessment workflows
• Ability to read, interpret, and operationalize regulatory guidance

 Strong Candidates Will:

• Be energized by building. This role has significant greenfield scope, and the best candidates will see that as an opportunity, not a gap
• Move with urgency and precision, flagging risk before it becomes an issue
• Balance rigor with pragmatism, enabling the organization to move fast while staying protected
• Communicate clearly to both technical and non-technical audiences without losing nuance
• Bring genuine curiosity about AI and emerging technology governance
• Embody Lantern’s LIGHT pillars — Logic, Inclusion, Grit, Humanity, Truth — in every interaction

Benefits

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Short & Long Term Disability
• Life Insurance
• 401k with company match
• Flexible Time Off
• Paid Parental Leave