Remote

GRC Analyst

TrackVia
$90,000 - $115,000
United States
Feb 12, 2026
Job Type
Full-time
Description
About TrackVia

TrackVia is a low-code platform-as-a-service (PaaS) that enables organizations to rapidly build secure, mission-critical applications and workflows without heavy development overhead. Serving both government and commercial customers, TrackVia operates in highly regulated environments where strong governance, risk management, and compliance are essential to customer trust and platform reliability.

Our Governance, Risk, and Compliance (GRC) function plays a critical role in enabling the TrackVia platform, embedding security and compliance into how we build, operate, and deliver our services, including maintaining FedRAMP Moderate authorization and supporting customers' compliance needs. We're a collaborative, fast-moving team that values ownership, clarity, and measurable impact.

Role Overview

We're seeking a talented GRC Analyst who is excited to build, support, and scale TrackVia's compliance programs across FedRAMP Moderate, SOC 2 Type II, and HIPAA.

This role is highly integrated into multiple aspects of the team, partnering closely with the IT & Compliance Lead and the entire Product & Engineering team to ensure TrackVia continuously meets its compliance obligations through the operational and security controls you monitor.

The individual in this role is thrilled by structured, systematic compliance work, appreciates and understands audit processes and expectations, and can independently deliver and execute on defined cadences.

What You'll Do

Governance, Risk, & Compliance (GRC)

Support the execution and ongoing operation of TrackVia's Governance, Risk, and Compliance program, with an emphasis on recurring control activities, continuous monitoring, and audit readiness across multiple regulatory and assurance frameworks.

FedRAMP Moderate
  • Support ongoing FedRAMP Moderate authorization and continuous compliance for the TrackVia Government platform.
  • Maintain SSPs, policies, procedures, and control narratives, ensuring alignment with implemented controls.
  • Execute continuous monitoring activities, including access reviews, vulnerability scanning, and required attestations.
  • Manage and update the POA&M, tracking risks and remediation status.
  • Coordinate annual and periodic assessments and testing, including control reviews, IR, CP, and BCDR exercises.
  • Respond to 3PAO and government review requests, providing evidence and clarifications.
SOC 2 Type II
  • Own day-to-day execution of SOC 2 controls related to Security, Availability, and Confidentiality
  • Perform quarterly and annual control self-assessments to ensure controls are operating as designed
  • Collect and organize audit evidence throughout the audit period
  • Support annual SOC 2 examinations, including auditor requests and walkthroughs
  • Track and remediate any control observations or management action items
HIPAA Compliance
  • Support ongoing HIPAA Security Rule and Breach Notification Rule compliance
  • Perform and document periodic risk management and control reviews aligned with HIPAA requirements
  • Coordinate annual HIPAA policy and procedure reviews
  • Assist with incident response and breach notification readiness, including tabletop exercises
  • Track remediation activities identified in HIPAA gap assessments
Customer & Third-Party Compliance
  • Support customer security questionnaires and compliance attestations (e.g., ISO 27001-aligned requests, NIST CSF mappings)
  • Assist with third-party risk management activities, including annual vendor reviews and evidence collection
Compliance Automation & Enablement
  • Maintain and improve compliance evidence repositories and control tracking workflows
  • Support the operation of compliance tooling used to manage audits, evidence, and control testing
  • Identify opportunities to streamline recurring compliance activities through automation and process improvements
  • Partner with IT & Compliance Lead on employee IT requests as needed
Required Qualifications
  • 4-7 years of hands-on experience in GRC, security compliance, or IT audit roles
  • Direct experience supporting SOC 2 Type II and HIPAA compliance programs
  • Practical experience executing controls with defined cadences (monthly, quarterly, annual)
  • Familiarity with NIST 800-53 and risk-based control frameworks
  • Experience collecting, organizing, and defending audit evidence
  • Strong documentation, organization, and time-management skills
Bonus Points
  • Experience supporting or maintaining a FedRAMP Moderate authorization
  • Exposure to or working knowledge of ISO 27001, HITRUST, GDPR, or similar frameworks
  • Experience working in a SaaS or PaaS environment
  • Familiarity with compliance automation tools (e.g., Vanta, Drata, GitLab, Confluence)
Career Growth

This role is expected to evolve into a senior individual contributor position as TrackVia's compliance footprint grows. The GRC Analyst will help establish scalable processes, documentation, and repeatable compliance workflows to support the future expansion of the IT & Compliance team.

Salary Description
$90,000 - $115,000