Governance, Risk & Compliance Analyst
Remote
Full Time
#Information Security
#Healthcare Technology
#Compliance
#ISO 27001
#SOC 2
#GDPR
#HIPAA
#Risk Management
#Leadership
#AI
Sword Health is on a mission to shift the healthcare landscape from a human-first approach to an AI-first model. We are making world-class care accessible anytime and anywhere, while simultaneously driving down costs for national health systems, self-insured employers, and various healthcare organizations. Since our inception, we have successfully reinvented pain care and expanded our reach into women’s health, movement health, and mental health. With over 700,000 members across three continents and 10 million AI sessions completed, we are proud to have helped our enterprise clients avoid over $1 billion in unnecessary costs. Backed by extensive clinical research and significant investment from industry leaders, we are looking for passionate individuals to help us continue this journey.
About the Role
We are seeking a Senior Governance, Risk & Compliance (GRC) Analyst to join our team on a full-time basis. In this role, you will serve as a primary driver of trust and regulatory excellence at Sword Health. You will act as the main point of contact for our partners and clients, translating our security posture into clear, authoritative responses that support our business growth. You will also take full ownership of certification lifecycles and bridge the gap between technical security controls and medical device quality standards within our fast-paced, innovative environment.
Key Responsibilities
- Serve as the primary subject matter expert for security and compliance inquiries, including RFPs, security questionnaires, and M&A due diligence, while maintaining a robust knowledge base.
- Manage end-to-end certification lifecycles, such as ISO 27001, ensuring consistent audit readiness and leading external audits independently.
- Partner with our Quality Assurance & Regulatory Affairs team to align security frameworks with medical device compliance, ensuring a unified approach to regulations like the AI Act.
Requirements
To succeed in this role, you should bring the following qualifications and skills:
- At least 5 years of hands-on experience in GRC, with a proven history of leading audits and maintaining international security certifications.
- Practical experience with at least three major security frameworks or regulations, such as ISO 27001, SOC 2, HITRUST, GDPR, HIPAA, or NIST.
- An exceptional command of English, with the ability to explain complex security concepts to both technical teams and external stakeholders.
- A strong understanding of how security controls apply to product and infrastructure environments.
- Familiarity with medical device quality standards and regulations, such as ISO 13485 and FDA Good Manufacturing Practice (GMP) requirements.
- Proven ability to use LLMs to streamline GRC workflows, including drafting, summarizing, and analyzing tasks.
- A flexible, problem-solving mindset that allows you to quickly adapt to new product initiatives and define compliance paths.
Location
This position is based in Portugal. Please note that candidates must already possess a valid EU visa and be located within the country, as we do not offer relocation assistance.
Compensation and Benefits
We provide a supportive and flexible environment designed to help you thrive. Our benefits package includes:
- Equity compensation to ensure you share in our success.
- Comprehensive medical, dental, and vision insurance.
- Unlimited vacation and flexible working hours.
- A remote-friendly culture with a dedicated work-from-home allowance.
- Additional perks including a meal allowance, snacks, and English classes.
- Access to our internal health and well-being program, which includes digital therapist sessions.