Senior Governance, Risk, Compliance; GRC Analyst at Oura , NY

Position: Senior Governance, Risk, Compliance (GRC) Analyst at Oura New York, NY Location: New York Overview Senior Governance, Risk, Compliance (GRC) Analyst job York, NY. At Oura, our mission is to empower every person to own their inner potential. With our award-winning Oura Ring and app, we help over 2.5 million people turn insights about sleep, activity, and readiness into healthier, more balanced lives. We believe that starts from within — by creating a culture where our team feels supported, included, and inspired to do their best work. Our values guide how we show up for each other and our community every day. This is a remote U.S. role with a strong preference for candidates based in the East Coast. We have offices in San Francisco and San Diego for those who prefer hybrid or office settings. Oura employees in other major cities (like Boston and New York) occasionally gather informally at local co-working locations.

Responsibilities

• Plan and lead strategic GRC initiatives such as attaining industry certification (e.g. SOC 2, HITRUST), as well as tactical initiatives for efficiency and automation.
• Policy & Procedure Management – Analyze, draft, update, and maintain security and compliance policies to align with regulatory requirements and industry best practices.
• Change Management Security Reviews – Collaborate with Product, Engineering, and Privacy teams to assess security risks in new product features, infrastructure changes, and business processes, and integrate Oura security controls within their workflows.
• Monitor and analyze regulatory changes and industry trends to ensure continuous improvement of the GRC program and maintain up-to-date compliance.
• Risk Management – Perform risk assessments, track remediation efforts, and collaborate with stakeholders to mitigate security and compliance risks.

Requirements

• Experience: 6+ years leading GRC, IT compliance, security, risk management projects.
• Compliance Knowledge: Strong understanding of various frameworks such as SOC 2, HIPAA, HITRUST, NIST 800-171, ISO 27001, ISO 27799, CMMC, FedRAMP, and related frameworks.
• Technical Skills: Familiarity with IT environments, cloud environments, security controls, and compliance tooling (e.g., AWS, GCP, Git Hub).
• Risk & Audit Expertise: Hands-on experience conducting and leading risk assessments, managing audits, and supporting compliance reporting.
• Strong Communicator: Ability to translate compliance requirements into actionable policies and procedures.
• Certifications (Preferred): CGRC, CISA, CRISC, CISSP, or equivalent.

Benefits

• Competitive salary and equity packages
• Health, dental, vision insurance, and mental health resources
• An Oura Ring of your own plus employee discounts for friends & family
• 20 days of paid time off plus 13 paid holidays plus 8 days of flexible wellness time off
• Paid sick leave and parental leave Oura takes a market-based approach to pay, which may vary depending on your location. US locations are categorized into tiers based on a cost of labor index for that geographic area. These ranges may be modified in the future. The ranges listed below are illustrative and may change based on location and market conditions.
• Region 1: $126,000 - $157,000
• Region 2: $115,000 - $144,000
• Region 3: $108,000 - $135,000 A recruiter can determine your zones/tiers based on your US location. Additional Info We are not considering candidates residing in the following states: Alaska (AK), Delaware (DE), Iowa (IA), Mississippi (MS), Missouri (MO), Nebraska (NE), Rhode Island (RI), South Dakota (SD), Vermont (VT), West Virginia (WV), and Wisconsin (WI). Oura is proud to be an equal opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. We will not tolerate discrimination or harassment based on any characteristic protected by law. We will provide reasonable accommodations to participate in the interview process and perform essential duties as needed. Disclaimer: Beware of fake job offers. Our jobs are listed only on the ŌURA Careers page and trusted job boards. We will never ask for personal information like payment for equipment upfront. Official offers are sent through Docusign after a verbal offer. To all recruitment agencies: Oura does not accept agency resumes. Please do not forward resumes to our jobs alias. Oura is not responsible for fees related to unsolicited resumes. #J-18808-Ljbffr Apply tot his job Apply To this Job

Apply tot his job Apply To this Job