IT Compliance (GRC) Analyst

About us

LifeMD is a leading digital healthcare company committed to expanding access to virtual care, pharmacy services, and diagnostics by making them more affordable and convenient for all. Focused on both treatment and prevention, our unique care model is designed to optimize the patient experience and improve outcomes across more than 200 health concerns. 

To support our expanding patient base, LifeMD leverages a vertically-integrated, proprietary digital care platform, a 50-state affiliated medical group, a 22,500-square-foot affiliated pharmacy, and a U.S.-based patient care center. Our company — with offices in New York City; Greenville, SC; and Huntington Beach, CA — is powered by a dynamic team of passionate professionals. From clinicians and technologists to creatives and analysts, we're united by a shared mission to revolutionize healthcare. Employees enjoy a collaborative and inclusive work environment, hybrid work culture, and numerous opportunities for growth. Want your work to matter? Join us in building a future of accessible, innovative, and compassionate care.

About the role

We are seeking an inquisitive and collaborative IT Governance, Risk and Compliance (GRC) Analyst to support the IT compliance programs supporting SOX and HIPAA across our technology stack, including in-house developed systems and third-party SaaS platforms. You will help maintain control readiness, perform testing and evidence collection, and support risk and vendor assessments for internally developed systems and SaaS applications. 

Core Responsibilities

• Support SOX and HIPAA controls by helping design, document, and maintain ITGCs and operational controls
• Maintain documentation such as control narratives, flowcharts, risk and control matrices, and evidence repositories
• Assist remediation efforts by coordinating with IT and business teams, validating remediation evidence, and tracking closure of deficiencies
• Perform risk assessments and gap analyses for IT systems that handle PHI and financial data
• Automate and monitor controls through scheduled reviews, scripts, or tooling to reduce manual effort and improve coverage
• Support audits and vendor reviews by preparing workpapers, answering auditor questions, and helping with vendor control questionnaires
• Perform vendor and third-party assessments for SaaS providers ensuring appropriate controls are in place and evidenced

Requirements

Basic Qualifications:

• Bachelor’s degree in a related field or equivalent experience
• Relevant experience with IT controls, IT audit, SOX testing, IT risk, HIPAA, or related functions
• Practical understanding of HIPAA Security and Privacy requirements and how they apply to IT systems that handle PHI
• Technical foundation with identity and access management, change management, SDLC, backup and recovery, and logging/monitoring
• Hands-on experience collecting and organizing audit evidence and documenting control testing procedures

Preferred Qualifications:

• Relevant certification(s) (CISA, CRISC, CPA, CHPS)
• Healthcare or healthtech industry experience
• Written and verbal communication skills with the ability to create concise documentation and explain technical details to nontechnical stakeholders.

Benefits

• Health Care Plan (Medical, Dental & Vision)

• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Unlimited PTO Policy
• Paid Holidays
• Short Term & Long Term Disability
• Training & Development