GRC Analyst Role at Sword Health

last updated March 3, 2026 18:56 UTC

Sword Health

HQ: Hybrid

Sword Health is transforming healthcare by moving from a human-first model to an AI‑first approach through its AI Care platform. This shift makes high-quality care accessible anytime and anywhere while significantly lowering costs for payers, self‑insured employers, national health systems, and other healthcare organizations. The company first revolutionized pain management with AI and has since expanded into women’s health, movement health, and most recently mental health. Since 2020, over 700,000 members across three continents have completed 10 million AI sessions, helping more than 1,000 enterprise clients avoid over $1 billion in unnecessary healthcare spending. Supported by 42 clinical studies and more than 44 patents, Sword Health has raised over $500 million from top investors including Khosla Ventures, General Catalyst, Transformation Capital, and Founders Fund. More information is available at https://swordhealth.com.

As a GRC Analyst, you will play a central role in building trust and ensuring regulatory excellence at Sword Health. You will serve as the main point of contact for partners and clients, clearly communicating the company’s security posture to support business growth. In addition to managing external trust, you will oversee certification lifecycles and connect technical security controls with medical device quality standards. The ideal candidate is adaptable, able to shift quickly between initiatives, and comfortable supporting new products in a fast‑moving environment.

What you’ll do:
• Serve as the primary expert for all security and compliance inquiries, including questionnaires, RFPs, and M&A due diligence, while maintaining a comprehensive knowledge base to ensure accurate and timely responses.
• Manage certification lifecycles such as ISO 27001 and Cyber Essentials, ensuring continuous audit readiness and independently guiding external audit processes.
• Collaborate with the GRC team to strengthen existing programs and keep the mapping of controls to processes and documentation scalable.
• Work with the Quality Assurance and Regulatory Affairs team to align security frameworks with Medical Device Compliance efforts, ensuring coordinated preparation for the AI Act and other healthcare regulations.
• Partner with product teams to embed security‑by‑design, quickly understand new architectures, and ensure all compliance and security requirements are integrated into development workflows.
• Coordinate with Security, Product, Engineering, and IT teams to ensure security controls are adopted naturally within existing operations.
• Provide expertise and support for security and compliance training and contribute to broader GRC initiatives as needed.

What you need:
• At least 5 years of hands‑on GRC experience, with a strong history of leading audits and maintaining globally recognized security certifications.
• Practical experience with at least three frameworks such as ISO 27001, SOC 2, HITRUST, NIS2, Cyber Resilience Act, FedRAMP, CMMC, NIST 800‑171, NIST 800‑53, GDPR, HIPAA, or PCI DSS.
• Excellent written and spoken English, with the ability to explain complex security concepts clearly to technical teams and external stakeholders.
• A solid understanding of how security controls apply to infrastructure and product environments, enabling proper mapping of requirements to technical procedures.
• A “wildcard” mindset—the ability to quickly learn new project contexts and outline a compliance path forward.
• Knowledge of both cybersecurity frameworks (such as ISO and NIS2) and privacy or regulatory frameworks (such as GDPR, the AI Act, or Medical Device regulations).
• Familiarity with Medical Device standards and regulations, including ISO 13485 and FDA Good Manufacturing Practices.
• Experience collaborating with cross‑functional teams such as Legal, Quality, and IT to achieve shared compliance objectives.

Salary range: €35,000–€70,000 per year.

This range includes base salary, variable compensation, and equity. These ranges serve as a starting point, and compensation may be adjusted for high‑performing employees. Job titles may cover multiple career levels. Actual compensation depends on skills, experience, qualifications, location, market factors, and other considerations. This includes the company’s estimate of stock option value, which may change and is not guaranteed. Sword also provides a variety of benefits.

Portugal – Benefits and Perks:
• Health, dental, and vision insurance
• Meal allowance
• Equity shares
• Remote work allowance
• Flexible hours
• Work‑from‑home options
• Discretionary vacation
• Snacks and beverages
• English classes

Note: This role does not include relocation support. Candidates must already have a valid EU visa and reside in Portugal.

Sword Health adheres to applicable civil rights laws and does not discriminate based on age, ancestry, color, citizenship, gender, gender expression, gender identity, gender information, marital status, medical condition, national origin, disability, pregnancy, race, religion, caste, sexual orientation, or veteran status.

Apply info:

To apply for this job, please visit jobs.lever.co
