Senior Compliance Analyst

About Garner Health

Garner's mission is to transform the healthcare economy, delivering high-quality and affordable care for all. We are fundamentally reimagining how healthcare works in the U.S. by partnering with employers to redesign healthcare benefits using clear incentives and powerful, data-driven insights. Our approach guides employees to higher-quality, lower-cost care, creating a system that works better for everyone. Patients achieve better health outcomes, employers spend healthcare dollars more effectively, and physicians are rewarded for delivering exceptional care rather than performing more procedures.

Garner is one of the fastest-growing healthcare technology companies in the country. Our products are trusted by the most sophisticated employers and providers in the industry, and we are building a team of talented, mission-driven individuals who are motivated to make a meaningful impact on healthcare at scale.

About the Senior Compliance Analyst Role

We are seeking an exceptional Senior Compliance Analyst to join our Security team as we enter our next phase of scale. This role will report to our VP, Engineering. As a Senior Compliance Analyst, you will collaborate with workflow owners, external auditors, and other stakeholders in order to assist with reviewing, monitoring, and resolving compliance findings. You will also have a key role in shaping the way the organization assesses risk and monitors security controls. In particular, you will be using code and LLMs to automate your work instead of relying on spreadsheets and manual processes.

Work Arrangement

This role is open to remote candidates across the U.S. For candidates based in New York City, the position follows a hybrid schedule with in-office work required Tuesday, Wednesday, and Thursday each week.

What You Will Do as a Senior Compliance Analyst

• Manage and support HITRUST, SOC 2, and ISO 27001 audits
• Assist go-to-market teams with customer inquiries
• Manage Garner's Security and Privacy trust center
• Maintain current knowledge of industry best practices and team procedures to maintain a suitable risk posture
• Manage security standards, policies, and practices on a recurring basis to maintain compliance and customer trust
• Use code and AI to streamline traditional, tedious GRC processes such as vendor security reviews and user access reviews

Qualifications for the Role

• 3+ years of direct experience in an information security role, with an emphasis on risk and compliance
• Prior experience with HITRUST, SOC 2, and ISO 27001 audits
• A GRC Engineering mindset with prior experience using scripting and LLMs to automate repetitive tasks
• Experience with GRC program building at high growth, cloud-native companies
• Knowledge of GRC tool techniques and best practices
• A desire to be a part of a high-performing, mission-driven team that operates with intense urgency, a strong sense of individual accountability, and a commitment to authentic feedback

This is a unique opportunity to join a fast-growing company in a transformative role, helping shape the future of healthcare. Please note: we are unable to sponsor or take over sponsorship of an employment visa at this time.

Compensation and Benefits

The target salary range for this position is $120,000 - $155,000. Individual compensation for this role will depend on various factors, including qualifications, skills, and applicable laws. In addition to base compensation, this role is eligible to participate in our equity incentive and competitive benefits plans, including but not limited to: flexible PTO, Medical/Dental/Vision plan options, 401(k), Teladoc Health and more.

Key skills/competency

• Compliance Management
• Risk Assessment
• Information Security
• HITRUST
• SOC 2
• ISO 27001
• GRC Automation
• Scripting
• AI/LLMs
• Cloud-Native Security