GRC Support- Hybrid | Houston, TX
About the position We are seeking a hands-on GRC Analyst to support a mission-driven healthcare organization. In this role, you will be the "boots on the ground" for risk assessments, risk register management, and day-to-day GRC operations. If you are a self-starter who can hit the ground running with minimal ramp-up time, this is an excellent opportunity to manage high-impact compliance and security initiatives in a fast-paced clinical environment.
Responsibilities
- Conduct comprehensive vendor and application risk assessments, including evaluations of emerging technologies.
- Maintain and update the organizational risk register, including rigorous analysis, documentation, and evidence tracking.
- Manage the intake process, coordinate documentation, and handle follow-ups to ensure operational continuity.
- Assist with broader governance initiatives and provide support for the Data Loss Prevention (DLP) program.
- Ensure all activities align with HIPAA and other relevant healthcare regulatory requirements.
- Prepare clear, actionable reports and dashboards for key stakeholders.
Requirements
- 3–5 years of dedicated experience in GRC, IT Risk, or Compliance.
- Strong understanding of IT/Security controls and experience with GRC tools (e.g., Archer, ServiceNow, OneTrust, ZenGRC).
- Deep familiarity with HIPAA and healthcare-specific compliance challenges.
- Proven ability to manage a risk register and conduct assessments independently.
- Ability to work onsite in the Bellaire area every Tuesday.
Nice-to-haves
- Prior experience specifically within a hospital or healthcare provider system.
- Working knowledge of NIST, ISO 27001, or SOC 2.
- CISA, CRISC, or CISSP are highly desirable.
Benefits
- Hybrid schedule with only one required day in the office per week.
- Direct involvement in high-level risk and compliance strategy.
Apply tot his job Apply To this Job