GRC Analyst, Federal Programs

🕒 vor 22 Tagen

Jetzt Bewerben

Ähnliche Remote-Jobs finden

E-Mails für Remote-Jobs erhalten

📊 Überprüfen Sie Ihre Lebenslauf-Bewertung für diese Stelle

Verbessern Sie Ihre Chancen auf ein Vorstellungsgespräch, indem Sie Ihre Lebenslauf-Bewertung vor der Bewerbung überprüfen.

Lebenslauf hochladen

Sword Health

WebsiteLinkedInAlle Stellen

201 - 500 Mitarbeiter

Gegründet 2015

⚕️ Krankenversicherung

🤖 Künstliche Intelligenz

🧘 Wellness

Healthcare Insurance • Artificial Intelligence • Wellness

Sword Health ist ein digitales Gesundheitsunternehmen, das künstliche Intelligenz mit klinischer Expertise kombiniert, um erstklassige Versorgung für Muskel-, Gelenk- und Beckenleiden bereitzustellen. Durch den Einsatz von digitaler Physiotherapie und KI-gestützter Versorgung ermöglicht Sword den Menschen, sich bequem von zu Hause aus von körperlichen Beschwerden zu erholen, Operationen zu vermeiden und den Medikamentenbedarf zu reduzieren. Das Unternehmen bietet Arbeitgebern, Krankenkassen und Einzelpersonen personalisierte Behandlungspläne, die kosteneffizient sind und nachweisbare Ergebnisse in der Schmerzreduktion und Verbesserung der Produktivität aufweisen. Sword Health ist bestrebt, den Zugang zu qualitativ hochwertiger Versorgung zu erweitern und gesundheitliche Gleichheit in globalen Gemeinschaften zu gewährleisten.

Beschreibung

• Serve as a member of Sword's GRC team, contributing to security compliance across all products and services, with primary ownership of federal programs; • Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible; • Map NIST SP 800-171 practices to Sword's current environment and produce a clear, evidence-based gap analysis; • Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers; • Build and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and all artifacts required for assessment; • Serve as Sword's primary interface with the C3PAO and assessment team during formal CMMC assessments; • Drive FedRAMP readiness in parallel, including control documentation, evidence collection, and continuous monitoring; • Contribute to audits and compliance activities across other active frameworks, including SOC 2 and HITRUST, as part of Sword's broader GRC program.

🎯 Anforderungen

• 5+ years of hands-on experience in GRC, compliance, or security, with at least 3 of those years focused on federal compliance frameworks such as CMMC or FedRAMP; • Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance effort; • Strong working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling requirements; • Ability to produce compliance documentation — SSPs, POA&Ms, gap analyses, control narratives — without heavy supervision; • Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business teams; • Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response during assessments; • US citizenship required; • Ability to obtain a federal Public Trust designation if required by a sponsoring agency. • **What we would love to see** • CMMC Certified Professional (CCP) credential, or active pursuit of it; • CMMC Certified Assessor (CCA) credential; • Hands-on experience with FedRAMP authorization packages, continuous monitoring, and agency ATO processes; • Background in defense contracting or regulated health tech environments; • Experience working across multiple compliance frameworks simultaneously (HITRUST, SOC 2, ISO 27001); • Familiarity with GRC platforms such as Hyperproof, Drata, or Vanta.

🏖️ Vorteile

• Comprehensive health, dental and vision insurance* • Life and AD&D Insurance* • Financial advisory services* • Supplemental Insurance Benefits (Accident, Hospital and Critical Illness)* • Health Savings Account* • Equity shares* • Discretionary PTO plan* • Parental leave* • 401(k) • Flexible working hours • Remote-first company • Paid company holidays • Free digital therapist for you and your family