Sword Health
Governance, Risk & Compliance Analyst
Sword Health · Portugal · 1 day ago
Full-time · Remote Friendly · Legal
Sword Health is shifting healthcare from human-first to AI-first through its AI Care platform, making world-class healthcare available anytime, anywhere, while significantly reducing costs for payers, self-insured employers, national health systems, and other healthcare organizations. Sword began by reinventing pain care with AI at its core, and has since expanded into women’s health, movement health, and more recently mental health. Since 2020, more than 700,000 members across three continents have completed 10 million AI sessions, helping Sword's 1,000+ enterprise clients avoid over $1 billion in unnecessary healthcare costs. Backed by 42 clinical studies and over 44 patents, Sword Health has raised more than $500 million from leading investors, including Khosla Ventures, General Catalyst, Transformation Capital, and Founders Fund. Learn more at www.swordhealth.com.

As a GRC Analyst, you will be a key driver of trust and regulatory excellence at Sword Health. You will act as the primary interface for our partners and clients, translating our security posture into clear, authoritative responses that enable business growth. Beyond external trust, you will take ownership of certification lifecycles and bridge the gap between technical security controls and medical device quality standards. We are looking for an agile problem-solver who can pivot quickly to support new products and initiatives in a way that aligns with our fast-paced innovation.

What you’ll be doing:

  • Acting as the primary subject matter expert for all security and compliance inquiries, including security questionnaires, RFPs, and M&A due diligence; building and maintaining a robust knowledge base to ensure accurate and efficient responses to partners and clients
  • Taking end-to-end ownership of certification lifecycles, such as ISO 27001 and Cyber Essentials; ensuring year-round audit readiness, managing the certification process from start to finish, and independently leading external audits
  • Working closely with the GRC team to improve existing programs, ensuring that our mapping of controls to processes and documentation remains robust and scalable as we grow
  • Partnering with the Quality Assurance & Regulatory Affairs (QARA) team to bridge the gap between security-focused frameworks and Medical Device Compliance initiatives, ensuring a unified approach to the AI Act and other healthcare-specific regulations
  • Collaborating with product teams on existing and upcoming initiatives to ensure security-by-design; quickly learning new product architectures and partnering with stakeholders to ensure all necessary compliance and security controls are integrated smoothly into the development lifecycle
  • Collaborating with Security, Product, Engineering, and IT teams to ensure that security controls are naturally integrated into their existing workflows without creating operational friction
  • Providing subject matter expertise and support for security and compliance training, as well as other general GRC initiatives as they arise

What you need to have:

  • 5+ years of hands-on experience in GRC, with a proven track record of leading audits and maintaining certifications for internationally recognized security standards
  • Hands-on experience with at least three of the following frameworks: ISO 27001, SOC 2, HITRUST, NIS2, Cyber Resilience Act, FedRAMP, CMMC, NIST SP 800-171, NIST SP 800-53, GDPR, HIPAA or PCI DSS
  • Exceptional command of the English language, both written and spoken. You must be able to communicate complex security concepts clearly and authoritatively to both technical teams and external stakeholders
  • A strong understanding of how security controls apply to Infrastructure and Product environments to effectively map requirements to technical work instructions
  • A "wildcard" mindset—the ability to be dropped into a new project or product initiative, learn the context quickly, and define the necessary compliance path forward
  • Familiarity with the intersection of cybersecurity (ISO, NIS2) and privacy/regulatory frameworks (GDPR, AI Act, or Medical Device regulations)
  • Familiarity with Medical Device certifications and regulations, such as ISO 13485 and FDA’s Good Manufacturing Practices (GMP)
  • Proven experience using LLMs to accelerate personal workflows, including drafting, summarizing, and analyzing GRC-related tasks to achieve significant individual productivity gains
  • Demonstrated ability to design and implement AI-driven automations or integrated workflows that replace manual processes and enhance productivity at a team level is a strong plus
  • Experience working across diverse teams such as Legal, Quality, and IT to align on shared compliance goals

Portugal - Sword Benefits & Perks:

  • Health, dental and vision insurance
  • Meal allowance
  • Equity shares
  • Remote work allowance
  • Flexible working hours
  • Work from home
  • Discretionary vacation
  • Snacks and beverages
  • English class

Note: This position does not offer relocation assistance. Candidates must possess a valid EU visa and be based in Portugal.

Sword Health complies with applicable Federal and State civil rights laws and does not discriminate on the basis of Age, Ancestry, Color, Citizenship, Gender, Gender expression, Gender identity, Gender information, Marital status, Medical condition, National origin, Physical or mental disability, Pregnancy, Race, Religion, Caste, Sexual orientation, and Veteran status.

  • This range includes base, variable and equity. These compensation bands are just the starting point. Once someone joins and proves they’re outlier talent, we adjust quickly to ensure their compensation aligns with their impact. Our job titles may span more than one career level. Actual pay is determined by skills, qualifications, experience, location, market demand, and other factors. Compensation details listed in this posting reflect the base salary and any potential variable, bonus or sales incentives, and the Company’s estimation of the value of private company stock options, if applicable. The pay range is subject to change, future value of company stock options is not guaranteed, and compensation may be modified in the future. In addition to our total compensation, Sword offers a number of benefits as listed below.