Junior Governance Risk and Compliance Analyst at Gifthealth
Columbus, Ohio, United States
Full Time


Start Date

Immediate

Expiry Date

12 May, 26

Salary

0.0

Posted On

11 Feb, 26

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Governance, Risk Management, Compliance, Policy Management, Audits, Regulatory Compliance, Documentation, Data Analysis, Communication, Attention to Detail, Microsoft Excel, Microsoft Office, Risk Assessment, Cybersecurity, Internal Controls, Vendor Risk Assessment

Industry

technology;Information and Internet

Description
About Us

At Gifthealth, we're revolutionizing the way people experience healthcare by simplifying the process of managing prescriptions and health services. Our mission is to provide a seamless, personalized, and efficient healthcare experience for all our customers. We're a dynamic, innovative, and customer-centric company dedicated to making a positive impact on people's lives.

Position Summary

Reporting to the Governance Risk and Compliance (GRC) Lead, the Junior Governance Risk and Compliance (GRC) Analyst supports Gifthealth’s Governance, Risk, and Compliance function by assisting with policy management, risk assessments, audits, and regulatory compliance activities. This is an entry-level role designed for individuals building a career in cybersecurity, compliance, and risk management.

We are seeking a Junior GRC Analyst to help ensure the organization meets applicable regulatory, security, and internal control requirements. This position collaborates cross-functionally to collect evidence, maintain GRC tools, and support risk remediation efforts, ensuring alignment with organizational goals, operational excellence, and compliance standards.

Key Responsibilities

Assists with development, review, and maintenance of GRC policies, procedures, and frameworks
Supports internal audits, control testing, and risk assessments across departments
Monitors compliance with applicable regulations (e.g., HIPAA, PCI-DSS) and internal standards
Tracks risks, issues, and remediation activities in GRC tools and systems
Collects and organizes evidence for compliance reporting and audits
Assists with third-party/vendor risk assessments
Researches evolving regulations and cybersecurity best practices

Qualifications

Education:
Bachelor’s degree in information systems, cybersecurity, risk management, business, or related field OR equivalent relevant experience (Required)
Coursework or certifications related to security, compliance, or risk (e.g., Security+, GRC fundamentals) (Preferred)

Licensure/Certification:
None

Experience:
0–2 years of experience in compliance, audit, IT security, risk management, or related internships/co-op roles (Required)
Exposure to audits, risk assessments, or compliance documentation (Preferred)
Experience in healthcare, technology, or regulated industries (Preferred)
Experience using GRC, audit, or risk management tools (Preferred)

Knowledge, Skills, & Abilities:
Knowledge of regulatory requirements such as HIPAA and PCI-DSS and a basic understanding of information security, risk, and compliance concepts (Required)
Familiarity with GRC frameworks (NIST, ISO 27001, COBIT, SOC 2) and exposure to privacy regulations (HIPAA, CCPA) (Preferred)
Strong attention to detail and documentation skills (Required)
Proficiency in Microsoft Excel and Microsoft Office tools (Required)
Clear written and verbal communication skills (Required)
Basic data analysis and reporting skills (Preferred)
Ability to organize and manage multiple tasks simultaneously (Required)
Ability to follow defined processes and controls (Required)
Ability to communicate with technical and non-technical stakeholders (Required)
Ability to identify gaps or inconsistencies in documentation or controls (Preferred)
Ability to learn and adapt quickly in a regulated environment (Preferred)

Work Environment

Location: Hybrid
Schedule: 8:00 A.M. to 5:00 P.M. Monday through Friday with night and weekend hours on occasion as determined by the needs of the business.
Regular meetings with internal GRC/Security, IT, Engineering, Legal, Privacy, Operations, and business stakeholder teams. This role may also have meetings with external third-party vendor, auditor, and compliance representatives.

Key Essential Functions

Must be able to remain in a stationary position for extended periods while writing or reviewing documentation
Must be able to work on a computer for the entire shift
Must be able to attend virtual meetings with cross-functional teams

Employment Classification

Status: Full-time
FLSA: Exempt

Equal Employment Opportunity (EEO) Statement

Gifthealth is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind. All employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity, transgender status, national origin, age, disability, veteran status, or any other legally protected status. We celebrate diversity and are committed to creating an inclusive environment for all employees.

If you do not meet every requirement but still feel you would be a great fit for this role, we encourage you to apply!

Disclaimer

This job description is intended to describe the general nature and level of work being performed. It is not intended to be an exhaustive list of all responsibilities, duties, or skills required of personnel. Gifthealth reserves the right to modify job duties or descriptions at any time.

Responsibilities
The Junior GRC Analyst supports the Governance, Risk, and Compliance function by assisting with policy management, risk assessments, audits, and regulatory compliance activities. This role involves collaborating cross-functionally to collect evidence and support risk remediation efforts.