Senior GRC Analyst

Remote, USA

Full Time Senior-level / Expert
Color logo
From population genomics to high throughput COVID-19 testing, Color provides the technology & infrastructure for large scale health initiatives. Learn more.
Apply now Apply later

Named by Rock Health as the Best Digital Health Company to Work For, Color is a leading healthcare technology company. Color is building and delivering technology-enabled healthcare to millions of people. Through partnerships with public and private partners including governments, employers and health systems, Color’s infrastructure and software enables large populations to receive essential healthcare services directly where they live or work. This includes testing and telehealth services for preventive health and infectious disease management.
Since March 2020, Color has mobilized to address the pandemic by leveraging its platform to scale COVID-19 testing programs around the country. Color’s platform is used by more than 100 major employers, universities and public health institutions, such as the City of San Francisco, the State of California and PerkinElmer, community-based efforts in Oakland, and others, to deliver critical health programs. For more information about Color and its response to COVID-19, visit
By investing in the technology that ensures easy and affordable access to healthcare, Color is creating the infrastructure that will serve us for decades to come. Apply to join Color and do some of the most important work of your career. If you are not sure that you're 100% qualified, but are up for the challenge - we want you to apply!
We are looking for someone to join our Information Security team to help with our legal and regulatory compliance readiness. This is a Full-time employment position. 

How You’ll Contribute:

  • Oversee Color’s security compliance initiatives according to legal, regulatory and contractual obligations, not only for today but planning for Color’s future growth.
  • Collaborate with engineers and other cross-functional stakeholders to enhance Color’s security and compliance capabilities
  • Use technology to automate Governance, Risk Management and Compliance (GRC) activities like gathering control evidence, and testing controls.
  • Operationalize and report on the health & effectiveness of Color’s Compliance program by building and reporting  metrics, with opportunities to present to senior leadership.
  • Provide guidance to stakeholders based on the annual Compliance program operating plan,  for team and resource management so we can provide successful security & compliance assurance for our platforms.
  • Review and validate the relevant security controls and applicable security & compliance policies for all systems within scope. .
  • Perform governance support and reporting of Color’s Security & Compliance program.
  • Develop and manage the policy, procedure and supporting documentation lifecycle, working with stakeholders across the company.
  • Participate in the security & compliance  assessment and audit processes for Color systems and services.
  • Manage the planning, execution and monitoring of any NIST 800-53 Plan of Actions & Milestones (POA&Ms). Support the POA&M lifecycle as required, including waivers and exceptions detailing the potential risks to the relevant stakeholders.
  • Contribute to the development of customer-facing materials covering topics related to security, compliance, and audit results to help customers manage their own audit efforts involving Color products more effectively.
  • Contribute to ongoing efforts to standardize and improve controls & audit readiness testing techniques, suggesting program-level improvements.
  • Manage Internal Audit and Customer Audit of services and solutions as necessary, assisting with third party requests for information on our program.
  • Lead the response to customer security questionnaires, RFPs, and inquiries about our Security & Compliance program.

Our Ideal Candidate Will Have:

  • 5+ years experience in audit or compliance readiness roles.
  • Recent experience with regulatory or compliance frameworks such as HIPAA, NIST 800-53, SOC 2, ISO 27001. 
  • Ability to translate compliance requirements for technical implementations in complex environments. 
  • A passion for improving processes beyond the status quo and making things better. 
  • A growth mindset, bringing new ways of learning and awareness about controls and compliance to the company.
  • Experience in designing, testing, implementing, and reviewing internal controls. 
  • Experience with cloud environments such as Amazon Web Services. 
  • Experience in Public Sector Compliance and Security - ConMon Management, ATO management.
  • Exposure to software version control systems and services such as GitHub.
  • Adept at project management and analysis work, including facilitation, interpretation, note-taking, and documentation.

Nice to Have:

  • Experience in Digital Health or SaaS organizations operating in highly regulated industries.
  • Experience with the General Data Protection Regulation or California Consumer Privacy Act.
  • Some experience with automating manual processes and workflows, and scripting.
  • Certifications from ISC2, ISACA, or IAPP are a plus.
Color is an equal opportunity employer. In accordance with anti-discrimination law, it is the purpose of this policy to effectuate these principles and mandates. Color prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Color conforms to the spirit as well as to the letter of all applicable laws and regulations.
COVID-19 Vaccination Requirement: Color requires anyone working onsite or visiting Color’s offices to confirm they are fully vaccinated against COVID-19 unless a medical or religious accommodation is timely requested and approved.  Please reach out if you have questions or concerns about this policy and how it may apply to your candidacy for a role with Color.
Job region(s): North America
Job stats:  0  0  0
  • Share this job via
  • or

Explore more Remote Work and WFH career opportunities