Senior Governance Risk and Compliance (GRC) Analyst

Included Health

Included Health

IT, Legal
Posted on Saturday, January 27, 2024
Included Health is seeking a Governance Risk & Compliance, Senior Analyst to be a key member of the Cyber Security team. This role will primarily build a strong Risk Management Program within Cyber Security to include managing and reporting on third party risks from vendors. They will also act as the primary owner of the security policies.


  • Conduct regular risk assessments across the company, and work with relevant departments to identify, evaluate, and mitigate risks.
  • Create and build a formal Risk Management program for Cyber Security to include reporting on risks as a recurring activity to senior leadership, and obtaining acceptance from business leaders for residual risks. Lead recurring risk reviews with senior management.
  • Define, develop, and implement capabilities to manage third-party cybersecurity risks.
  • Lead Business Impact Assessments (BIA’s) and maturation activities for Business Continuity and Disaster Recovery efforts.
  • Manage Cyber Security Controls to include conducting rigorous internal control monitoring and testing, implementing control enhancements, and providing thought leadership on control design, operations, and supporting processes and policies.
  • Write and update policies and procedures as a regular activity.
  • Act as a primary driver of the company's security training program with measurable KPI’s.


  • 7+ years of experience in Cyber Security
  • Strong Technical Aptitude
  • Excellent communication skills, both written and verbal
  • An independent self-starter
  • A consistent problem solver
  • Strong experience writing cyber security policies
  • 3+ years building a Risk Management Program, to include a strong history of communicating risks with senior management.
  • Deep understanding of HIPAA standards and HITRUST requirements
  • Prior experience working in Healthcare is strongly preferred
  • Heavy hands-on administrative experience with GRC tools is required; experience with AuditBoard is a strong plus
  • Prior experience with JIRA is preferred
The United States new hire base salary target ranges for this full-time position are:
Zone A: $132,400 - $196,950 + equity + benefits
Zone B: $110,300 - $164,150 + equity + benefits
This range reflects the minimum and maximum target for new hire salaries for candidates based on their respective Zone. Below is additional information on Included Health's commitment to maintaining transparent and equitable compensation practices across our distinct geographic zones.
Starting base salary for the successful candidate will depend on several job-related factors, unique to each candidate, which may include, but not limited to, education; training; skill set; years and depth of experience; certifications and licensure; business needs; internal peer equity; organizational considerations; and alignment with geographic and market data. Compensation structures and ranges are tailored to each zone's unique market conditions to ensure that all employees receive fair and competitive compensation based on their roles and locations. Your Recruiter can share your geographic zone alignment upon inquiry.
In addition to receiving a competitive base salary, the compensation package may include, depending on the role, the following:
Remote-first culture
401(k) savings plan through Fidelity
Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
Full suite of Included Health telemedicine (e.g. behavioral health, urgent care, etc.) and health care navigation products and services offered at no cost for employees and dependents
Generous Paid Time Off ("PTO") and Discretionary Time Off (“DTO")
12 weeks of 100% Paid Parental leave
Up to $25,000 Fertility and Family Building Benefit
Compassionate Leave (paid leave for employees who experience a failed pregnancy, surrogacy, adoption or fertility treatment)
11 Holidays Paid with one Floating Paid Holiday
Work-From-Home reimbursement to support team collaboration and effective home office work
24 hours of Paid Volunteer Time Off (“VTO”) Per Year to Volunteer with Charitable Organizations
Your recruiter will share more about the specific salary range and benefits package for your role during the hiring process.
About Included Health
Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high-quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in-person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at
Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.