Oura

Senior Governance, Risk, Compliance (GRC) Analyst

New York, New York, United States

Compensation: $126,000 – $126,000
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Information Security, Cybersecurity, Risk Management

Senior Governance, Risk and Compliance (GRC) Analyst

Salary: $126,000
Employment Type: Full-time
Location Type: Remote (U.S. with strong preference for East Coast candidates)


Position Overview

At Oura, our mission is to empower every person to own their inner potential. We are seeking a Senior Governance, Risk and Compliance (GRC) Analyst to join our Security Team. This role will serve as a subject matter expert (SME) leading compliance, risk, and governance initiatives. You will help mature our security and compliance programs, including SOC 2, HIPAA, ISO27001, ISO27799, HITRUST, NIST 800-171, CMMC, and FedRAMP.


Responsibilities

  • Strategic GRC Initiatives: Plan and lead strategic GRC initiatives, such as attaining industry certifications (e.g., SOC 2, HITRUST), as well as tactical initiatives for efficiency and automation.
  • Policy & Procedure Management: Analyze, draft, update, and maintain security and compliance policies to align with regulatory requirements and industry best practices.
  • Change Management Security Reviews: Collaborate with Product, Engineering, and Privacy teams to assess security risks in new product features, infrastructure changes, and business processes. Integrate Oura security controls within their workflows.
  • Monitoring and Improvement: Monitor and analyze regulatory changes and industry trends to ensure continuous improvement of the GRC program and maintain up-to-date compliance.
  • Risk Management: Perform risk assessments, track remediation efforts, and collaborate with stakeholders to mitigate security and compliance risks.

Requirements

  • Experience: 6+ years of experience leading GRC, IT compliance, security, and risk management projects.
  • Compliance Knowledge: Strong understanding of various frameworks such as SOC 2, HIPAA, HITRUST, NIST 800-171, ISO27001, ISO27799, CMMC, FedRAMP, and related frameworks.
  • Technical Skills: Familiarity with IT environments, cloud environments (AWS, GCP), security controls, and compliance tooling (e.g., GitHub).
  • Risk & Audit Expertise: Hands-on experience conducting and leading risk assessments, managing audits, and supporting compliance reporting.
  • Communication: Ability to translate compliance requirements into actionable policies and procedures.
  • Certifications (Preferred): CGRC, CISA, CRISC, CISSP, or equivalent.

Company Information

At Oura, we believe that empowering our team starts from within, by creating a culture where our team feels supported, included, and inspired to do their best work. Our values guide how we show up for each other and our community every day.

Oura offers a remote U.S. work environment with offices in San Francisco and San Diego for those who prefer hybrid or office settings. Employees in other major cities may occasionally gather informally at local co-working locations.


Benefits

Oura cares about your well-being. Everyone at Oura receives an Oura Ring and we continually strive to improve employee health.

  • Competitive salary and equity packages.
  • Health, dental, vision insurance, and mental health resources.
  • An Oura Ring of your own plus employee discounts for friends & family.
  • Generous paid time off: 20 days of paid time off, 13 paid holidays, plus 8 days of flexible wellness time off.
  • Paid sick leave and parental leave.

Note: Oura takes a market-based approach to pay, which may vary depending on your location. US locations are categorized into tiers based on a cost of labor index for that geographic area. Successful candidates' pay will be determined based on job-related skills, experience, qualifications, and work location.

Skills

GRC
Compliance Frameworks
Risk Assessments
SOC 2
HIPAA
ISO27001
ISO27799
HITRUST
NIST 800-171
CMMC
FedRAMP
Policy & Procedure Management
Security Reviews
Change Management

Oura

Wearable health monitoring smart ring

About Oura

Oura offers a smart ring that tracks various health metrics, including sleep patterns, heart rate variability, and physical activity. The ring uses advanced sensors to collect data, which is then analyzed and displayed through a mobile app, providing users with insights to improve their health and lifestyle. Unlike many competitors, Oura focuses on a direct-to-consumer model, selling its rings through its website and collaborating with sports teams and health institutions for additional partnerships. The goal of Oura is to help users, including athletes and those with health conditions, optimize their health through data-driven insights.

Headquarters: Oulu, Finland
Year Founded: 2013
Total Funding: $344.1M
Company Stage: Series D
Industries: Biotechnology, Healthcare
Employees: 501-1,000

Benefits

Competitive salary & equity packages
Health, dental, financial, & vision insurance
Wellness & mental health benefits
$300 per month health improvement related stipend
Flexible working hours
An Oura Ring of your own
Employee discount for friends & family
20 days of PTO

Risks

Increased competition from Samsung and Huami may pressure Oura's market share.
Criticism of cumbersome interfaces could lead users to competitors like VIV Health.
High valuation may lead to investor pressure for rapid growth, risking strategic missteps.

Differentiation

Oura's smart ring tracks over 20 biometrics, offering comprehensive health insights.
The ring's seamless wearability and precise monitoring set it apart in the market.
Oura's partnerships with sports teams validate its utility and accuracy for athletes.

Upsides

Oura raised $550M, boosting its valuation to $5.2 billion in 2024.
Integration with AI-driven insights could enhance personalized health recommendations.
Strategic partnerships with Dexcom and Essence Healthcare expand market reach into healthcare.
