Senior Security Analyst

Senior Security Analyst

About the Role

Rightway Healthcare is looking for a Senior Security GRC Analyst ready to take their experience to the next level. If you’ve worked on GRC programs in a fast-paced or startup environment, this is your chance to apply that agility and execution focus in a growing healthcare organization. You’ll also have the opportunity to contribute to emerging areas of AI risk and governance as Rightway integrates advanced technologies into its platform.

Responsibilities

Reporting to the Security GRC Manager, you’ll own key deliverables that keep our security and compliance programs running smoothly, supporting customer assurance, vendor risk reviews, and recurring governance activities. This role is ideal for someone who enjoys hands-on GRC work and wants to grow as a senior individual contributor within a collaborative, mission-driven healthcare company transforming pharmacy benefit management and care navigation.

What You’ll Do

Core GRC Operations

• Coordinate and execute recurring GRC tasks such as quarterly access reviews, audit evidence collection, and risk register reconciliation.
• Document and track completion of control activities and escalate issues where needed.
• Assist with internal and external audits, ensuring timely and complete evidence collection and review.

Customer Assurance

• Collaborate with Sales, Legal, and Product teams to lead responses for customer security questionnaires and RFPs, progressively owning more complex requests as your experience deepens.
• Maintain and continuously improve a centralized repository of commonly requested security documentation and artifacts (e.g., SOC 2, SIG, CAIQ).

Vendor Risk Management

• Work closely with a broad array of business leaders to conduct initial and periodic vendor risk assessments, ensuring that third parties meet Rightway's security and compliance standards.
• Track and follow up on remediation plans and risk treatment for vendors posing unacceptable risk.
• Enable and support automation and optimization of the vendor risk assessment lifecycle using both AI and traditional tooling.

AI Governance

• Support the implementation and operationalization of AI risk and governance controls in alignment with ISO/IEC 42001 (AI Management System) and emerging regulatory guidance e.g., CAIA (Colorado AI Act).
• Monitor AI systems for compliance with ethical and legal standards.

Who You Are

• 3-5 years of experience in information security, GRC, or