Security GRC Analyst

HealthEquity
1d | $36 - $46 | Remote

About The Position

Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.

Overview

How you can make a difference

Help shape the future of HealthEquity’s security, privacy, and compliance landscape in a role designed for someone who is early in their career and eager to learn. This position offers rare visibility across Security, Privacy, Legal, and Compliance and is a strong fit for someone who thrives in a remote environment, takes initiative, asks questions, and collaborates well virtually.

You will begin by mastering client security questionnaires and contract reviews. These responsibilities build deep foundational knowledge of our policies, controls, and security posture. As you grow, you will expand into broader GRC and continuous improvement initiatives that help mature HealthEquity’s overall governance program.

Requirements

  • Someone who thrives in a remote environment and collaborates proactively.
  • A natural question‑asker who seeks clarity early and communicates well in virtual channels.
  • Strong attention to detail with a willingness to learn complex subject matter.
  • Clear written and verbal communication, especially when responding to client security inquiries.
  • Dependability, organization, and comfort managing multiple incoming requests.
  • Interest in how security controls, audits, and risk processes work in a regulated environment.
  • Ability to work with both technical and non‑technical partners.
  • A customer‑service mindset focused on accuracy, timeliness, and transparency.
  • Bachelor’s degree preferred but not required. Related degrees may include Information Security, Cybersecurity, Computer Science, Information Systems, Information Technology, Management Information Systems, Data Analytics, Business with an IT or Security focus, or any other technical or analytical field.
  • One year of professional experience preferred, including internships or entry‑level roles.
  • Foundational understanding of information security or interest in developing it quickly.
  • Strong documentation, organization, and follow‑through.
  • One foundational certification such as CompTIA Security+, CC, or ISO 27001 Foundations is required within 12 months.

Nice To Haves

  • Experience with security questionnaires, audits, or compliance work is helpful but not required.
  • Exposure to frameworks such as SOC 2, HITRUST, NIST CSF, PCI, or HIPAA is a plus.
  • Familiarity with cloud environments or control frameworks is helpful.
  • Experience with tools like Archer, Drata, Vanta, or ServiceNow GRC is a plus but not required.
  • Additional certifications such as CISA, CRISC, CGRC, or CCSFP are a plus.

Responsibilities

  • Support the intake, review, and completion of client security questionnaires and assessments.
  • Support contract reviews by coordinating with Privacy, Security, Legal, and Compliance and learning how to identify risks, missing terms, and required redlines.
  • Develop strong working knowledge of HealthEquity’s security policies, standards, and controls so you can confidently and accurately respond to client inquiries.
  • Organize and validate evidence for external audits and certifications such as SOC 2, HITRUST, PCI, HIPAA, or FedRAMP.
  • Assist with internal control reviews and risk assessments by documenting gaps and identifying improvement opportunities.
  • Support maintenance and updates of security control inventories, mappings, and evidence repositories.
  • Partner with control owners across Security, IT, and Compliance to ensure timely and complete audit responses.
  • Support tracking of remediation items, control testing cycles, and continuous monitoring activities.
  • Contribute to standard operating procedures, process documentation, and repeatable GRC playbooks.
  • Help create awareness, training materials, and guidance for internal teams and client‑facing groups.

Benefits

  • Medical, dental, and vision
  • HSA contribution and match
  • Dependent care FSA match
  • Full-time team members receive a minimum of 18 days of annual PTO and 13 paid holidays per year
  • Paid parental leave
  • 401(k) match
  • Personal and healthcare financial literacy programs
  • Ongoing education & tuition assistance
  • Gym and fitness reimbursement
  • Wellness program incentives