What are the responsibilities and job description for the GRC Analyst position at Expion Health?
Job Description
Governance, Risk, and Compliance (GRC) Analyst
Position Overview: The GRC Analyst will be responsible for supporting the development, implementation, and management of the company's governance, risk management, and compliance programs. The role involves identifying and mitigating risks, ensuring regulatory compliance, and strengthening internal controls to protect the organization from potential threats and to align with industry best practices.
Key Responsibilities:
- Governance Frameworks: Develop, implement, and maintain governance frameworks, policies, and procedures to ensure effective oversight of corporate operations and business processes.
- Risk Management: Identify, assess, and prioritize organizational risks (financial, operational, cyber, etc.) and support the development of mitigation strategies. Assist in performing risk assessments and creating risk management plans.
- Compliance Monitoring: Ensure adherence to relevant laws, regulations, industry standards (such as GDPR, HIPAA, SOX, PCI DSS), and internal policies. Conduct regular audits and assessments to ensure compliance with regulatory requirements. For Expion Health, this means annual HITRUST certification.
- Policy and Procedure Management: Assist in creating and maintaining policies, guidelines, and documentation that support the organization's GRC strategy. Work closely with other departments to ensure policies are communicated, understood, and followed.
- Internal Controls: Evaluate the effectiveness of internal controls, recommend improvements, and collaborate with various teams to address compliance gaps and ensure continuous improvement.
- Reporting & Documentation: Prepare reports on risk management activities, compliance status, and findings from audits or assessments. Document compliance issues, corrective actions, and risk mitigation efforts.
- Training and Awareness: Conduct GRC-related training and awareness programs to ensure employees understand their roles in compliance and risk management.
- Third-party Risk Management: Assist in evaluating and managing the risk associated with third-party vendors and partners. Ensure appropriate risk assessments and due diligence are conducted prior to onboarding third parties.
- Incident Management: Support the organization in responding to compliance or risk-related incidents, including data breaches, regulatory inquiries, or internal control failures, and help in the implementation of corrective actions.
- Collaboration: Work closely with cross-functional teams, including IT, legal, finance, and operations, to align governance, risk, and compliance initiatives across the organization.
Required Qualifications:
Technical Skills:
Soft Skills:
Preferred Qualifications:
What it's like to work with us
Expion Health has been challenging the industry status quo for over 30 years, leading with ground-breaking innovation in a wide variety of healthcare cost-management solutions. Embracing the latest opportunities that technology can offer within a rapidly evolving industry, we provide exceptional service, technology, and product innovation to meet greater challenges in healthcare cost management.
We have a distributed workforce, so you can work from anywhere in the continental United States. Because of our distributed nature, we have cultivated a connected culture that includes town halls, one-on-ones with executive leadership, educational forums, and even social clubs.
We offer a comprehensive benefits package which includes the following: