A better way to get your employees to high-quality doctors.
Senior GRC Analyst
Location
United States
Posted
7 days ago
Salary
$132K - $165K / year
Seniority
Senior
Job Description
Senior GRC Analyst
Garner Health
Garner’s mission is to transform the healthcare economy, delivering high-quality and affordable care for all. We are fundamentally reimagining how healthcare works in the U.S. by partnering with employers to redesign healthcare benefits using clear incentives and powerful, data-driven insights. Our approach guides employees to higher-quality, lower-cost care, creating a system that works better for everyone. Patients achieve better health outcomes, employers spend healthcare dollars more effectively, and physicians are rewarded for delivering exceptional care rather than performing more procedures. Garner is one of the fastest-growing healthcare technology companies in the country. Our products are trusted by the most sophisticated employers and providers in the industry, and we are building a team of talented, mission-driven individuals who are motivated to make a meaningful impact on healthcare at scale. About the role:We are looking for a Senior GRC Analyst to join our Technical Compliance team to ensure Garner’s compliance posture across security frameworks such as ISO 27001, SOC 2, HITRUST, and HIPAA. As a Senior GRC Analyst, you will run our internal audits, guide our external assessments, and partner with teams across Engineering, Product, People, and Legal so that our controls are designed well, operating effectively, and continuously improving. Our Technical Compliance team safeguards Garner’s sensitive healthcare data and protects the trust of our members, clients, and partners by maintaining a strong control environment and regulatory compliance. The work you do here has a direct impact on our ability to win and retain enterprise customers, expand into new lines of business, and scale securely as we grow. Where you will work:This role is open to remote candidates across the U.S. For candidates based in New York City, the position follows a hybrid schedule with in-office work required Tuesday, Wednesday, and Thursday each week. What you will do: - Manage and support our compliance certifications, including SOC 2, HITRUST, and ISO 27001 audits and run control testing across the audit lifecycle - Serve as the subject matter expert across the company on our compliance frameworks - Serve as the primary point of contact for external auditors and assessors - Manage Garner’s Security and Privacy trust center - Maintain the risk register and drive risk identification, scoring, and reporting - Manage the maintenance of our compliance policies, standards, and procedures - Report on our compliance posture to senior leadership - Scale our GRC function with AI and automation, building quick wins and scoping requirements for Engineering to fully automate the rest The ideal candidate has: - 5+ years of experience in GRC, IT audit, or information security compliance - Prior experience with HITRUST, SOC 2, and ISO 27001 audits - Hands-on experience with control design, evidence collection, and remediation in a cloud-native engineering environment - Proven ability to adapt your communication style across engineers, operators, and executives - A GRC Engineering mindset with prior experience using scripting and LLMs to automate repetitive tasks - Industry certifications such as CISA, CISM, CISSP, CRISC, or ISO 27001 Lead Auditor preferred - A desire to be a part of a high-performing, mission-driven team that operates with intense urgency, a strong sense of individual accountability, and a commitment to authentic feedback Technologies we use: - AWS, Okta, Datadog, Retool, Gitlab, Vanta This is a unique opportunity to join a fast-growing company in a transformative role, helping shape the future of healthcare. Compensation Transparency:The target salary range for this position is $132,000 - $165,000. Individual compensation for this role will depend on various factors, including qualifications, skills, and applicable laws. In addition to base compensation, this role is eligible to participate in our equity incentive and competitive benefits plans, including but not limited to: flexible PTO, Medical/Dental/Vision plan options, 401(k), Teladoc Health and more. Fraud and Security Notice: Please be aware of recent job scam attempts. Our recruiters use getgarner.com and garnerhealth.com email domains exclusively. If you have been contacted by someone claiming to be a Garner recruiter or a hiring manager from a different domain about a potential job, please report it to law enforcement here and to candidateprotection@garnerhealth.com. Equal Employment Opportunity:Garner Health is proud to be an Equal Employment Opportunity employer and values diversity in the workplace. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. Garner Health is committed to providing accommodations for qualified individuals with disabilities in our recruiting process. If you need assistance or an accommodation due to a disability, you may contact us at talent@garnerhealth.com.
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Security Analyst
blueAPACHEblueAPACHE is based on the idea that people should have secure and efficient access to their systems wherever they are.
• Monitor security alerts and triage incidents across SIEM and endpoint tools. • Investigate suspicious activity and escalate confirmed threats to senior analysts. • Document incidents, findings, and response actions in ticketing systems. • Perform initial log analysis to identify indicators of compromise and attack patterns. • Support continuous improvement of detection rules, playbooks, and SOC processes.
Senior Security Analyst – L2/L3
Quadcode SaaSAt Quadcode we build brokerage platforms. Go live in six weeks with an award-winning turnkey solution.
• Work closely with infrastructure teams (Admins, NOC, OPS, Compliance), translating security signals into actionable findings and coordinating response across operating systems, infrastructure, and cloud environments. • Responsible for security event monitoring, incident response, and continuous improvement of detection and IR processes. • Participate in Agile (2-week sprints, grooming, planning, retrospectives) and use collaborative tools for teamwork. • Handle working hours during business hours, with paid overtime in case of incidents. • Work with a modern stack and grow within the company — including cloud and hybrid infrastructure, and AI applied to real security work. • Conduct event correlation rules development and automation.
Cybersecurity Analyst
UnitedHealth GroupUnitedHealth Group is a healthcare and well-being company that’s dedicated to improving the health outcomes of millions around the world. We are comprised of
Title: Cybersecurity Analyst - Hybrid in MN Job Description: Requisition number: 2357994 Job category: Technology Primary location: Eden Prairie, MN Overtime status: Exempt travel" style="font-size:1rem !important">Travel: No Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best.Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale.Join us to start Caring. Connecting. Growing together. The Insider Risk Analyst is responsible for detecting, analyzing, and investigating potential insider‑driven risks to UnitedHealth Group's people, data, and systems. This role supports the Insider Risk Program by monitoring user activity, identifying anomalous or concerning behavior, conducting investigations, and partnering with cross‑functional stakeholders to mitigate risk while ensuring privacy, legal, and policy compliance. The analyst will leverage technical data sources, behavioral indicators, and investigative techniques to assess risk, support casework, and contribute to the continuous improvement of insider risk detection and response capabilities. If you reside in Minnesota, you'll enjoy the flexibility of a hybrid-remote position* as you take on some tough challenges. This position follows a hybrid schedule with four in-office days per week. Primary Responsibilities Insider Risk Detection & Analysis - Monitor and analyze user activity, system logs, and alerts to identify potential insider risk indicators, including data exfiltration, misuse of access, policy violations, or negligent behavior. - Perform analytical triage of insider risk alerts generated from enterprise security tools (e.g., SIEM, DLP, endpoint, identity, and email systems). - Establish baseline user behavior and identify deviations that may indicate insider risk activity. Investigations & Case Management - Conduct insider risk investigations by collecting, correlating, and analyzing data from multiple technical and non‑technical sources. - Document investigative findings, timelines, and conclusions in accordance with Insider Risk Program procedures and records‑retention requirements. - Prepare clear, concise investigative summaries and risk assessments for leadership and stakeholders. Technical & Forensic Support - Analyze logs, email activity, file access, web activity, and authentication events to support investigations. - Assist with digital forensic data collection and analysis in support of insider risk cases, as appropriate. - Develop, maintain, and refine queries, dashboards, and analytical workflows to improve detection efficiency and investigative quality. Cross‑Functional Collaboration - Partner with HR, Legal, Compliance, Employee Relations, Privacy, and Information Security teams during insider risk reviews and investigations. - Support escalation and coordination with Enterprise Information Security for incidents requiring broader security response. - Participate in insider risk working groups and contribute to program governance activities. Program & Process Improvement - Contribute to the development and enhancement of insider risk policies, procedures, and standard operating processes. - Assist in defining insider risk indicators, metrics, and reporting to support program maturity. - Support audits, assessments, and program evaluations related to insider risk management. You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear directions on what it takes to succeed in your role as well as provide development for other roles you may be interested in. Required Qualifications: - Bachelor's degree in Cybersecurity, Information Security, Computer Science, Criminal Justice, or a related field - 3+ years of experience in cybersecurity - 3+ years of experience in security analysis, investigations, insider risk, threat analysis, or digital forensics - 2+ years of experience with working knowledge of security logs, user activity monitoring, and investigative techniques - 2+ years of experience of documenting findings clearly and communicate effectively with both technical and non‑technical audiences Preferred Qualifications: - Experience supporting an insider risk, fraud, compliance, or digital forensics program - Hands‑on experience with SIEM platforms (e.g., Splunk, Sentinel), DLP tools, endpoint security, or identity monitoring - Familiarity with insider risk frameworks and best practices (e.g., CERT Insider Threat, NIST CSF) - Experience collaborating with HR, Legal, Privacy, or Employee Relations teams - Knowledge of privacy, data protection, and employee monitoring considerations in a regulated environment Soft Skills: - Strong analytical and critical‑thinking skills with the ability to assess risk objectively - Demonstrated ability to handle sensitive information with discretion and professionalism Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $72,800 - $130,000 annually based on full-time employment. We comply with all minimum wage laws as applicable. At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location, and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups, and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment. #RPO #YELLOW
Senior Cybersecurity Analyst
UnitedHealth GroupUnitedHealth Group is a healthcare and well-being company that’s dedicated to improving the health outcomes of millions around the world. We are comprised of
Senior Cybersecurity Analyst Requisition number: 2361457 Job category: Technology Primary location: Eden Prairie, MN Overtime status: Exempt Travel: Yes, 10 % of the Time Job Description: Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. You'll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week. Primary Responsibilities: - Platform & Domain Expertise - Demonstrate sustained, hands-on experience operating enterprise asset intelligence platforms - Apply platform capabilities to support enterprise objectives related to asset visibility, risk awareness, and data reliability - Understand how asset intelligence data is generated, normalized, and interpreted across large, complex network environments - Networking Knowledge & Application- - Possess a solid understanding of enterprise networking concepts, architectures, and device communication patterns - Apply knowledge of networking fundamentals (e.g., IP addressing, routing, switching, segmentation, and name resolution) to support accurate asset discovery and classification - Demonstrate the ability to interpret network based signals and telemetry to inform asset identification and behavioral understanding - Asset Discovery & Data Quality - Support enterprise asset discovery efforts by validating completeness, accuracy, and consistency of discovered assets - Identify and escalate data quality issues such as duplication, misclassification, incomplete attribution, or stale records - Contribute to ongoing initiatives focused on improving trust in enterprise asset data used for security, infrastructure, and operational decision making - Integration Awareness & Cross Functional Support - Understand how asset intelligence platforms integrate with broader enterprise systems and processes - Collaborate effectively with network, infrastructure, cybersecurity, and platform teams to align asset data with business and operational needs - Communicate technical findings clearly and professionally to stakeholders with varying levels of technical expertise - Operational Execution & Problem Solving - Apply structured analysis to investigate asset visibility gaps, discovery limitations, and data discrepancies - Support operational processes through consistent execution, documentation, and adherence to established standards - Demonstrate sound judgment when working within regulated, security sensitive enterprise environments - Documentation, Governance & Risk Awareness - Produce clear, accurate documentation to support operational transparency, governance, and audit readiness - Contribute to standards, guidelines, and best practices related to asset discovery and network visibility - Support risk management and compliance activities by providing fact based, defensible asset intelligence inputs - Professional Effectiveness - Demonstrate strong analytical thinking, attention to detail, and accountability in execution - Operate effectively both independently and as part of cross functional teams - Align day to day activities with broader enterprise objectives and organizational priorities The role will require the following Functional Competencies related to ARMIS Network Asset Intelligence : - ARMIS Platform Expertise - Demonstrated hands-on experience administering and operating the ARMIS Asset Intelligence Platform in a large, complex enterprise environment - Strong understanding of ARMIS device discovery methods, data ingestion sources, and telemetry interpretation - Ability to analyze ARMIS asset records for accuracy, completeness, and consistency across network, IT, and security domains - Experience supporting ARMIS use cases related to asset visibility, unmanaged device identification, and exposure analysis - Enterprise Networking Fundamentals - Solid understanding of enterprise network architectures, including LAN, WAN, WLAN, and data center environments - Proficiency with core networking concepts such as TCP/IP, VLANs, routing, switching, DNS, DHCP, and NAT - Ability to interpret network traffic patterns and device behavior to support accurate asset classification and discovery - Experience working with network-connected devices including switches, routers, firewalls, wireless controllers, IoT, and OT systems - Asset Discovery & Data Quality Management - Ability to validate discovered assets against known inventories and enterprise data sources - Skilled in identifying gaps, duplicates, misclassifications, and stale records within ARMIS datasets - Experience supporting data quality initiatives focused on improving asset coverage, accuracy, and trustworthiness - Strong attention to detail when reviewing asset attributes, ownership, site assignment, and integration mappings - Integration & Cross Tool Collaboration - Experience working alongside network, infrastructure, security, and platform teams to align ARMIS outputs with enterprise needs - Understanding of how ARMIS integrates with complementary tools (e.g., CMDBs, vulnerability scanners, network monitoring platforms) - Ability to communicate technical findings clearly to both technical and non technical stakeholders - Proven capability to support cross functional initiatives involving asset intelligence and risk visibility - Operational Support & Troubleshooting - Ability to troubleshoot ARMIS discovery issues, data discrepancies, and network visibility gaps - Experience analyzing root causes related to network configuration, sensor coverage, or integration limitations - Capable of supporting operational runbooks, standard operating procedures, and continuous improvement efforts - Comfortable working in regulated, security conscious enterprise environments with defined controls and processes - Documentation & Governance Support - Ability to document findings, assumptions, and outcomes in a clear and professional manner - Experience contributing to standards, guidelines, and best practices related to asset discovery and network visibility - Supports audit, risk, and compliance inquiries by providing fact based, defensible ARMIS insights - Professional & Analytical Skills - Solid analytical mindset with the ability to interpret complex technical data and draw actionable conclusions - Demonstrates accountability, consistency, and discipline when handling enterprise asset intelligence - Effective collaborator who can operate independently while aligning with broader program objectives You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in. Required Qualifications: - Associate's degree - 3+ years of hands-on experience using ARMIS in an enterprise production environment - 3+ years of experience working with asset discovery, inventory, or visibility data in large, complex environments Preferred Qualifications: - Experience supporting asset intelligence or data quality initiatives at enterprise scale - Familiarity with enterprise governance, audit, or risk management processes related to asset data - Proven collaboration with network, infrastructure, or cybersecurity teams - Solid foundational knowledge of enterprise networking concepts and network connected devices - Demonstrated ability to analyze technical data and produce clear, accurate documentation - Proven ability to operate effectively in a regulated, security conscious enterprise organization *All Telecommuters will be required to adhere to UnitedHealth Group's Telecommuter Policy. Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $91,700 - $163,700 annually based on full-time employment. We comply with all minimum wage laws as applicable. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location, and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups, and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.


