GRC Analyst, Federal Programs

🕒 1 month ago

🇺🇸 United States – Remote

💵 $101,500 - $159,500 / year

⏰ Full-Time

🟡 Mid-Level

🟠 Senior

🚔 Compliance

🗣️🇺🇸🇬🇧 English required


Sword Health

201 - 500 employees

Founded in 2015

⚕️ Healthcare Insurance

🤖 Artificial Intelligence

🧘 Wellness


Sword Health is a digital health company that combines artificial intelligence and clinical expertise to deliver world-class care for musculoskeletal, joint and pelvic conditions. By offering digital physical therapy and AI-driven care, Sword helps individuals recover from physical conditions from the comfort of their homes, avoiding surgeries and reducing the need for medication. The company provides employers, health plans, and individuals with personalized treatment plans that are cost-effective and have proven effective at reducing pain and improving productivity. Sword Health is committed to expanding access to high-quality care and ensuring health equity across global communities.

Description

• Serve as a member of Sword's GRC team, contributing to security compliance across all products and services, with primary ownership of federal programs;
• Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible;
• Map NIST SP 800-171 practices to Sword's current environment and produce a clear, evidence-based gap analysis;
• Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers;
• Build and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and all artifacts required for assessment;
• Serve as Sword's primary interface with the C3PAO and assessment team during formal CMMC assessments;
• Drive FedRAMP readiness in parallel, including control documentation, evidence collection, and continuous monitoring;
• Contribute to audits and compliance activities across other active frameworks, including SOC 2 and HITRUST, as part of Sword's broader GRC program.

🎯 Requirements

• 5+ years of hands-on experience in GRC, compliance, or security, with at least 3 of those years focused on federal compliance frameworks such as CMMC or FedRAMP;
• Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance effort;
• Strong working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling requirements;
• Ability to produce compliance documentation (SSPs, POA&Ms, gap analyses, control narratives) without heavy supervision;
• Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business teams;
• Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response during assessments;
• US citizenship required;
• Ability to obtain a federal Public Trust designation if required by a sponsoring agency.

**What we would love to see**

• CMMC Certified Professional (CCP) credential, or active pursuit of it;
• CMMC Certified Assessor (CCA) credential;
• Hands-on experience with FedRAMP authorization packages, continuous monitoring, and agency ATO processes;
• Background in defense contracting or regulated health tech environments;
• Experience working across multiple compliance frameworks simultaneously (HITRUST, SOC 2, ISO 27001);
• Familiarity with GRC platforms such as Hyperproof, Drata, or Vanta.

🏖️ Benefits

• Comprehensive health, dental and vision insurance*
• Life and AD&D Insurance*
• Financial advisory services*
• Supplemental Insurance Benefits (Accident, Hospital and Critical Illness)*
• Health Savings Account*
• Equity shares*
• Discretionary PTO plan*
• Parental leave*
• 401(k)
• Flexible working hours
• Remote-first company
• Paid company holidays
• Free digital therapist for you and your family


Similar Jobs

🕒 1 month ago

Arclin

501 - 1000

🌾 Agriculture

Global Steward responsible for product stewardship and regulatory compliance in the Kevlar® business. Leading safety and sustainability efforts while collaborating with cross-functional teams.

🇺🇸 United States – Remote

⏰ Full-Time

🟡 Mid-Level

🟠 Senior

🚔 Compliance

🗣️🇺🇸🇬🇧 English required

🕒 1 month ago

Syner-G BioPharma Group

201 - 500

🧬 Biotechnology

💊 Pharmaceutical

⚕️ Healthcare Insurance

🗣️🇺🇸🇬🇧 English required

🕒 1 month ago

Subsplash

201 - 500

☁️ SaaS

🤝 Non-profit

Senior GRC Analyst at Subsplash advancing security and risk operations. Leading AI-first compliance function and identifying security gaps to mature control environment.

🇺🇸 United States – Remote

💵 $95,000 - $105,000 / year

⏰ Full-Time

🟠 Senior

🚔 Compliance

🗣️🇺🇸🇬🇧 English required

🕒 1 month ago

Vantage Data Centers

1001 - 5000

🏢 Enterprise

Manager leading interconnection strategy and regulatory analysis for U.S. power markets at Vantage Data Centers. Collaborating across internal teams to support market entry and growth strategy.

🇺🇸 United States – Remote

💵 $130,000 - $140,000 / year

⏰ Full-Time

🟡 Mid-Level

🟠 Senior

🚔 Compliance

🦅 H1B Visa Sponsor


🗣️🇺🇸🇬🇧 English required

🕒 1 month ago

Danaher Corporation

10,000+ employees

🧬 Biotechnology

🔬 Science

🤝 B2B

Global Trade Compliance - Export Controls Lead responsible for managing export compliance at Pall Corporation. Focus on ITAR compliance globally with collaboration across site leaders and departments.

🇺🇸 United States – Remote

💵 $120,000 - $160,000 / year

⏰ Full-Time

🟠 Senior

🚔 Compliance

🦅 H1B Visa Sponsor


🗣️🇺🇸🇬🇧 English required