Senior GRC Analyst, HIPAA

Job not on LinkedIn

🔥 0 minutes ago

🏄 California – Remote

🏄 California – Remote

💵 $132.6k - $195k / year

⏰ Full Time

🟠 Senior

🚔 Compliance

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

DoorDash

WebsiteLinkedInAll Job Openings

10,000+ employees

🛍️ eCommerce

🚗 Transport

eCommerce • Marketing • Transport

DoorDash is a leading food delivery service that connects customers with local businesses and restaurants. By empowering local economies, DoorDash facilitates the growth and success of restaurants and retailers, offering a flexible work environment for its employees. The company emphasizes innovation and aims to redefine the local commerce experience while providing extensive benefits and opportunities for team members across various career areas.

📋 Description

• Lead and support HIPAA security compliance workstreams across products, platforms, systems, and engineering teams. • Turn legal requirements into actionable technical and operational control requirements. • Perform HIPAA readiness assessments, gap analyses, risk assessments, and control design/effectiveness reviews. • Build and maintain control mappings across HIPAA, HITRUST, SOC 2, ISO 27001, NIST 800-53, and DoorDash security standards. • Partner with Engineering and Security Engineering to implement scalable controls. • Maintain HIPAA security program documentation including policies, standards, and procedures. • Support internal and external audits and compliance evidence collection. • Partner with Legal and Security Operations on incidents involving PHI/ePHI. • Mature GRC tooling and continuous control monitoring • Provide practical guidance to stakeholders regarding HIPAA requirements. • Monitor regulatory changes related to HIPAA and healthcare security.

🎯 Requirements

• 6+ years of experience in security compliance, GRC, risk management, audit, privacy/security operations, or related information security roles. • 3+ years of hands-on experience implementing, operating, or materially maturing HIPAA programs in a technology, SaaS, health-tech, or highly regulated environment. • Strong working knowledge of HIPAA Security Rule requirements. • Practical experience applying HIPAA safeguards to cloud, SaaS, data, and engineering environments. • Experience with adjacent frameworks and standards such as HITRUST, SOC 2, ISO 27001, NIST 800-53, PCI DSS, GDPR or CCPA. • Experience supporting audits, compliance assessments, control testing, evidence collection, risk assessments, and remediation programs. • Ability to translate complex compliance requirements into clear, actionable tasks. • Technical fluency to understand cloud architecture, APIs, IAM, CI/CD, infrastructure-as-code, logging, vulnerability management, and security monitoring concepts. • Strong communication and documentation skills.

🏖️ Benefits

• 401(k) plan with employer matching • 16 weeks of paid parental leave • Wellness benefits • Commuter benefits match • Paid time off • Paid sick leave • Medical benefits • Dental benefits • Vision benefits • 11 paid holidays • Disability insurance • Basic life insurance • Family-forming assistance • Mental health program