Startup Jobs
Post a Job
Sword
Sword

GRC Analyst, Federal Programs

U.S.
Full-Time
Remote
$101,500 – $159,500 per year

TLDR

Own Sword's CMMC certification effort and drive FedRAMP readiness while contributing to a broader GRC function in a cutting-edge AI healthcare environment.

At Sword, we’re building AI to heal billions and unlock humanity’s full potential. In doing so, we’re pioneering AI Care, a fundamentally new approach to healthcare built for medical reasoning, safety, and real-time treatment, not generic technology applied after the fact. As both a clinical-centric frontier AI lab and an applied AI platform, Sword is reimagining how care is delivered at scale, removing traditional barriers like appointments, waiting rooms, and stigma so more people can access the care they need—and ultimately get back to lives lived in full. Since 2020, Sword has expanded across physical therapy, women’s health, cardiometabolic, and mental health, and is now moving beyond the session to a fully AI-native, 24/7 care program that brings physical activity, therapeutic exercise, psychotherapy, nutrition, and behavior change into one connected experience. More than 700,000 members across three continents have completed over 10 million AI sessions, helping 1,000+ enterprise clients avoid more than $1 billion in unnecessary healthcare costs. Backed by 42 clinical studies, 44+ patents, and more than $500 million raised from leading investors including Khosla Ventures, General Catalyst, and Founders Fund, Sword is defining a new standard for healthcare.
AI Proficiency at Sword Health

AI fluency is a core expectation at Sword Health. Every candidate is assessed against our three-level framework — be ready to share real examples of how AI is already part of how you work.

  • Explorer (Level 1) — Uses AI daily to boost personal productivity

  • Builder (Level 2) — Creates workflows and tools that elevate the whole team

  • Integrator (Level 3) — Embeds AI into products and processes at scale

    • Every hire must demonstrate at least Level 1. The expected level will vary depending on the seniority of the role.

    What you’ll be doing

  • Serve as a member of Sword's GRC team, contributing to security compliance across all products and services, with primary ownership of federal programs;

  • Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible;

  • Map NIST SP 800-171 practices to Sword's current environment and produce a clear, evidence-based gap analysis;

  • Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers;

  • Build and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and all artifacts required for assessment;

  • Serve as Sword's primary interface with the C3PAO and assessment team during formal CMMC assessments;

  • Drive FedRAMP readiness in parallel, including control documentation, evidence collection, and continuous monitoring;

  • Contribute to audits and compliance activities across other active frameworks, including SOC 2 and HITRUST, as part of Sword's broader GRC program.

    • What you need to have

  • 5+ years of hands-on experience in GRC, compliance, or security, with at least 3 of those years focused on federal compliance frameworks such as CMMC or FedRAMP;

  • Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance effort;

  • Strong working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling requirements;

  • Ability to produce compliance documentation — SSPs, POA&Ms, gap analyses, control narratives — without heavy supervision;

  • Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business teams;

  • Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response during assessments;

  • US citizenship required;

  • Ability to obtain a federal Public Trust designation if required by a sponsoring agency.

    • What we would love to see

  • CMMC Certified Professional (CCP) credential, or active pursuit of it;

  • CMMC Certified Assessor (CCA) credential;

  • Hands-on experience with FedRAMP authorization packages, continuous monitoring, and agency ATO processes;

  • Background in defense contracting or regulated health tech environments;

  • Experience working across multiple compliance frameworks simultaneously (HITRUST, SOC 2, ISO 27001);

  • Familiarity with GRC platforms such as Hyperproof, Drata, or Vanta.

    • *This range includes base, variable and equity.



    These compensation bands are just the starting point. Once someone joins and proves they’re outlier talent, we adjust quickly to ensure their compensation aligns with their impact.

     

    Our job titles may span more than one career level. Actual pay is determined by skills, qualifications, experience, location, market demand, and other factors. Compensation details listed in this posting reflect the base salary and any potential variable, bonus or sales incentives, and the Company’s estimation of the value of private company stock options, if applicable. The pay range is subject to change, future value of company stock options is not guaranteed, and compensation may be modified in the future. In addition to our total compensation, Sword offers a number of benefits as listed below.
     
    US - Sword Benefits & Perks:
     
    • Comprehensive health, dental and vision insurance*
    • Life and AD&D Insurance*
    • Financial advisory services*
    • Supplemental Insurance Benefits (Accident, Hospital and Critical Illness)*
    • Health Savings Account*
    • Equity shares*
    • Discretionary PTO plan*
    • Parental leave*
    • 401(k)
    • Flexible working hours
    • Remote-first company
    • Paid company holidays
    • Free digital therapist for you and your family
     
    *Eligibility: Full-time employees regularly working 25+ hours per week
     
    Note: Applicants must have a legal right to work in the United States, and immigration or work visa sponsorship will not be provided.
     
    SWORD Health, which includes SWORD Health, Inc. and Sword Health Professionals (consisting of Sword Health Care Providers, P.A., SWORD Health Care Providers of NJ, P.C., SWORD Health Care Physical Therapy Providers of CA, P.C.*) complies with applicable Federal and State civil rights laws and does not discriminate on the basis of Age, Ancestry, Color, Citizenship, Gender, Gender expression, Gender identity, Gender information, Marital status, Medical condition, National origin, Physical or mental disability, Pregnancy, Race, Religion, Caste, Sexual orientation, and Veteran status.

    Benefits

    Flexible Work Hours

    Flexible working hours

    Health Insurance

    Comprehensive health, dental and vision insurance*

    Free digital therapist

    Free digital therapist for you and your family

    Paid Parental Leave

    Parental leave*

    Paid Time Off

    Discretionary PTO plan*

    Remote-Friendly

    Remote-first company

    Sword
    Sword

    Sword Health is transforming healthcare with its AI Care platform, making healthcare more accessible while drastically lowering costs for payers and organizations. Initially focused on pain management, Sword has expanded into women's health, movement health, and mental health, serving over 700,000 members across three continents and helping enterprise clients save over $1 billion in unnecessary healthcare expenses.

    Founded
    Founded 2015
    Employees
    201-500 employees
    Total raised
    $130M raised
    View company profile
    GRC Analyst
    Report this job
    Apply for this job