Senior Governance, Risk, Compliance (GRC) Analyst at Oura

At Oura, our mission is to empower every person to own their inner potential. With our award-winning Oura Ring and app, we help over 2.5 million people turn insights about sleep, activity, and readiness into healthier, more balanced lives. We believe that starts from within — by creating a culture where our team feels supported, included, and inspired to do their best work. Our values guide how we show up for each other and our community every day.

This is a remote U.S. role with a strong preference for candidates based on the East Coast. We have offices in San Francisco and San Diego for those who prefer hybrid or office settings. Oura employees in other major cities (like Boston and New York) occasionally gather informally at local co-working locations.

We are looking for a Senior Governance, Risk and Compliance (GRC) Analyst to join our Security Team. This role will serve as a subject matter expert (SME) leading compliance, risk, and governance initiatives. Working alongside the Governance, Risk and Compliance Team, the Senior GRC Analyst will help mature our security and compliance programs such as SOC 2, HIPAA, ISO27001, ISO27799, HITRUST, NIST 800-171, CMMC, and FedRAMP.

The ideal candidate has hands-on experience leading and implementing compliance frameworks, conducting risk assessments, supporting audits, and developing policies that drive security and business alignment.

What you will do:

- Plan and lead strategic GRC initiatives such as attaining industry certification (e.g. SOC 2, HITRUST), as well as tactical initiatives for efficiency and automation.
- Policy & Procedure Management – Analyze, draft, update, and maintain security and compliance policies to align with regulatory requirements and industry best practices.
- Change Management Security Reviews – Collaborate with Product, Engineering, and Privacy teams to assess security risks in new product features, infrastructure changes, and business processes, and integrate Oura security controls within their workflows.
- Monitor and analyze regulatory changes and industry trends to ensure continuous improvement of the GRC program and maintain up-to-date compliance.
- Risk Management – Perform risk assessments, track remediation efforts, and collaborate with stakeholders to mitigate security and compliance risks.

We would love to have you on our team if you have:

- Experience: 6+ years leading GRC, IT compliance, security, risk management projects.
- Compliance Knowledge: Strong understanding of various frameworks such as SOC 2, HIPAA, HITRUST, NIST 800-171, ISO27001, ISO27799, CMMC, FedRAMP, and related frameworks.
- Technical Skills: Familiarity with IT environments, cloud environments, security controls, and compliance tooling (e.g., AWS, GCP, GitHub).
- Risk & Audit Expertise: Hands-on experience conducting and leading risk assessments, managing audits, and supporting compliance reporting.
- Strong Communicator: Ability to translate compliance requirements into actionable policies and procedures.
- Certifications (Preferred): CGRC, CISA, CRISC, CISSP, or equivalent.

Company Location: United States.