Security Compliance Analyst, GRC
Hims & Hers | US Remote | Posted 26 March 2026
Job Description
Hims & Hers is the leading health and wellness platform, on a mission to help the world feel great through the power of better health. We are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal, from diagnosis to treatment to delivery. No two people are the same, so we provide access to personalized care designed for results. By normalizing health & wellness challenges and innovating on their solutions, we’re making better health outcomes easier to achieve.
Hims & Hers is a public company, traded on the NYSE under the ticker symbol “HIMS.” To learn more about the brand and offerings, you can visit http://hims.com/about and http://hims.com/how-it-works. For information on the company’s outstanding benefits, culture, and its talent-first flexible/remote work approach, see below and visit http://www.hims.com/careers-professionals.
ABOUT THE ROLE:
We are seeking a Security GRC Analyst to support and mature our governance, risk, and compliance program within a fast-paced healthcare technology environment. This role will partner closely with Security, Engineering, Legal, Privacy, Finance, and AI/ML teams to ensure our systems and processes meet regulatory, privacy, and security standards across domestic and international operations.
You will help drive risk management initiatives, maintain compliance with globally recognized frameworks, and support audits while enabling the business to scale securely and responsibly, particularly in environments leveraging AI and automated decision-making systems.
YOU WILL:
- Support and maintain security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA
- Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks)
- Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures
- Coordinate and support internal and external audits (e.g., SOX, PCI DSS, SOC 2, ISO, HIPAA)
- Track and manage remediation efforts for identified risks, control gaps, and audit findings
- Support third-party risk management processes, including vendor assessments for AI/ML and data processing providers
- Partner with engineering, data, and AI/ML teams to ensure secure and compliant system and model lifecycle practices
- Maintain and improve GRC tooling (e.g., AuditBoard, Vanta, or similar platforms)
- Monitor regulatory and framework changes (U.S. and international), including emerging AI governance requirements
- Develop and maintain risk registers, control matrices, and compliance documentation
- Conduct risk assessments, including technology, security, privacy, and AI/ML model risk evaluations
- Assist with security, privacy, and responsible AI awareness and training initiatives
- Provide reporting and metrics on risk posture, compliance status, and AI governance maturity
YOU HAVE:
- Bachelor’s degree in Cybersecurity, Information Security, Information Technology/Systems, or related field
- 3–5 years of experience in GRC, security compliance, risk management, audit, or related field
- Experience supporting audits and compliance assessments
- Experience with third-party/vendor risk management
- Familiarity with data governance principles (classification, retention, lineage)
- Thorough understanding of risk management methodologies and control frameworks
- Strong communication, documentation, organizational, and analytical skills
- Ability to communicate security, privacy, and AI risk concepts to technical and non-technical stakeholders
- Working knowledge of core frameworks: NIST CSF, PCI DSS, HIPAA, ISO 27001/27002, and global privacy regulations (GDPR, CCPA)
- Foundational understanding of AI/ML systems and associated governance, risk, and compliance considerations ... (truncated, view full listing at source)