GRC Analyst for AI‑Driven Healthcare Compliance

last updated June 5, 2026 1:06 UTC

Sword Health

HQ: Hybrid


Sword Health is reshaping healthcare by shifting from a human‑first model to an AI‑first approach through its AI Care platform. This transition delivers high‑quality care anytime and anywhere while substantially reducing costs for payers, self‑insured employers, national health systems, and other healthcare organizations. The company first disrupted pain management with AI and has since expanded into women’s health, movement health, and most recently mental health. Since 2020, more than 700,000 members across three continents have completed 10 million AI sessions, helping over 1,000 enterprise clients avoid more than $1 billion in unnecessary healthcare expenses. Backed by 42 clinical studies and over 44 patents, Sword Health has secured more than $500 million in funding from leading investors such as Khosla Ventures, General Catalyst, Transformation Capital, and Founders Fund. Learn more at https://swordhealth.com.

As a GRC Analyst, you will be essential in building trust and maintaining regulatory excellence at Sword Health. You will act as the primary contact for partners and clients, effectively communicating the company’s security posture to support business expansion. Along with managing external trust, you will oversee certification lifecycles and align technical security controls with medical device quality standards. The ideal candidate is flexible, able to switch quickly between projects, and comfortable supporting emerging products in a fast‑paced environment.

What you’ll do:
• Act as the main expert for all security and compliance inquiries—including questionnaires, RFPs, and M&A due diligence—while keeping an accurate and comprehensive knowledge base.
• Handle certification lifecycles such as ISO 27001 and Cyber Essentials, ensuring ongoing audit readiness and independently managing external audit processes.
• Work with the GRC team to enhance existing programs and maintain scalable mappings between controls, processes, and documentation.
• Partner with the Quality Assurance and Regulatory Affairs teams to align security frameworks with Medical Device Compliance, supporting preparation for the AI Act and other healthcare regulations.
• Collaborate with product teams to integrate security‑by‑design, quickly learn new architectures, and ensure all compliance and security requirements are embedded in development workflows.
• Coordinate with Security, Product, Engineering, and IT teams to ensure security controls are naturally incorporated into daily operations.
• Provide guidance for security and compliance training and contribute to broader GRC initiatives as needed.

What you need:
• At least 5 years of hands‑on GRC experience with a strong record of leading audits and maintaining well‑recognized global security certifications.
• Practical knowledge of at least three frameworks, such as ISO 27001, SOC 2, HITRUST, NIS2, Cyber Resilience Act, FedRAMP, CMMC, NIST 800‑171, NIST 800‑53, GDPR, HIPAA, or PCI DSS.
• Excellent written and spoken English, with the ability to clearly communicate complex security topics to technical teams and external partners.
• Strong understanding of how security controls apply across infrastructure and product environments, enabling accurate mapping of requirements to technical practices.
• A flexible, “wildcard” mindset—the ability to quickly understand new project contexts and outline a clear compliance path.
• Knowledge of cybersecurity frameworks (such as ISO and NIS2) as well as privacy and regulatory frameworks (such as GDPR, the AI Act, or Medical Device regulations).
• Familiarity with Medical Device regulations and standards, including ISO 13485 and FDA Good Manufacturing Practices.
• Experience collaborating with cross‑functional groups such as Legal, Quality, and IT to meet shared compliance goals.

Salary range: €35,000–€70,000 per year.

This range includes base pay, variable compensation, and equity. These figures are starting points, and compensation may be adjusted for high‑performing employees. Job titles may span multiple seniority levels. Actual compensation depends on skills, experience, qualifications, location, market conditions, and other factors. This includes the company’s estimate of stock option value, which may fluctuate and is not guaranteed. Sword also offers a variety of benefits.

Portugal – Benefits and Perks:
• Health, dental, and vision coverage
• Meal allowance
• Equity shares
• Remote work allowance
• Flexible hours
• Work‑from‑home options
• Discretionary vacation
• Snacks and beverages
• English classes

Note: This role does not offer relocation assistance. Candidates must already hold a valid EU visa and live in Portugal.

Sword Health complies with applicable civil rights laws and does not discriminate based on age, ancestry, color, citizenship, gender, gender identity or expression, genetic information, marital status, medical condition, national origin, disability, pregnancy, race, religion, caste, sexual orientation, or veteran status.
