GRC Analyst, Federal Programs

🕒 Maio 18

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Sword Health

SiteLinkedInTodas as Vagas

201 - 500 funcionários

Fundada em 2015

⚕️ Seguro de Saúde

🤖 Inteligência Artificial

🧘 Bem-estar

Healthcare Insurance • Artificial Intelligence • Wellness

A Sword Health é uma empresa de saúde digital que combina inteligência artificial (IA) com expertise clínica para oferecer cuidados de padrão mundial para condições de saúde musculares, articulares e pélvicas. Ao oferecer fisioterapia digital e cuidados orientados por IA, a Sword ajuda as pessoas a se recuperarem de problemas físicos no conforto de casa, evitando cirurgias e reduzindo a necessidade de medicamentos. A empresa oferece a empregadores, planos de saúde e indivíduos planos de tratamento personalizados, com ótima relação custo-benefício e resultados comprovados em redução da dor e melhoria da produtividade. A Sword Health é dedicada a ampliar o acesso a cuidados de alta qualidade e a promover equidade em saúde em comunidades ao redor do mundo.

Descrição

• Serve as a member of Sword's GRC team, contributing to security compliance across all products and services, with primary ownership of federal programs; • Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible; • Map NIST SP 800-171 practices to Sword's current environment and produce a clear, evidence-based gap analysis; • Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers; • Build and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and all artifacts required for assessment; • Serve as Sword's primary interface with the C3PAO and assessment team during formal CMMC assessments; • Drive FedRAMP readiness in parallel, including control documentation, evidence collection, and continuous monitoring; • Contribute to audits and compliance activities across other active frameworks, including SOC 2 and HITRUST, as part of Sword's broader GRC program.

🎯 Requisitos

• 5+ years of hands-on experience in GRC, compliance, or security, with at least 3 of those years focused on federal compliance frameworks such as CMMC or FedRAMP; • Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance effort; • Strong working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling requirements; • Ability to produce compliance documentation — SSPs, POA&Ms, gap analyses, control narratives — without heavy supervision; • Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business teams; • Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response during assessments; • US citizenship required; • Ability to obtain a federal Public Trust designation if required by a sponsoring agency. • **What we would love to see** • CMMC Certified Professional (CCP) credential, or active pursuit of it; • CMMC Certified Assessor (CCA) credential; • Hands-on experience with FedRAMP authorization packages, continuous monitoring, and agency ATO processes; • Background in defense contracting or regulated health tech environments; • Experience working across multiple compliance frameworks simultaneously (HITRUST, SOC 2, ISO 27001); • Familiarity with GRC platforms such as Hyperproof, Drata, or Vanta.

🏖️ Benefícios

• Comprehensive health, dental and vision insurance* • Life and AD&D Insurance* • Financial advisory services* • Supplemental Insurance Benefits (Accident, Hospital and Critical Illness)* • Health Savings Account* • Equity shares* • Discretionary PTO plan* • Parental leave* • 401(k) • Flexible working hours • Remote-first company • Paid company holidays • Free digital therapist for you and your family