Spring Health

Senior Compliance Specialist

full-time

Location Type: Remote

Location: United States

Salary

💰 $147,800 - $164,000 per year

About the role

  • Support and contribute to established compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, and readiness efforts for ISO 27001, ISO 42001, and ITGC-SOX, under the guidance of senior compliance leadership.
  • Execute day-to-day audit and assessment activities such as evidence collection, coordination of internal interviews, documentation review, and remediation tracking.
  • Partner closely with engineering, IT, security, and business teams to validate that controls are implemented and operating as designed.
  • Assist with third-party risk management and supply chain compliance activities, including vendor due diligence and ongoing monitoring.
  • Contribute to customer assurance efforts, including drafting questionnaire responses and participating in customer calls alongside more senior compliance team members.
  • Support the execution and maintenance of Business Continuity and Disaster Recovery plans, including documentation updates and testing coordination.
  • Operate and maintain the GRC tooling, ensuring evidence is accurate, complete, and audit-ready.
  • Perform internal control testing and risk assessments, document gaps, and support remediation tracking and follow-up.
  • Draft and maintain policies, procedures, and SOPs in alignment with established standards and frameworks.
  • Perform continuous monitoring activities such as access reviews, control testing, and artifact updates.
  • Escalate risks, blockers, or ambiguity appropriately, providing timely updates and context to senior compliance leadership.

Requirements

  • Bachelor’s degree plus 5+ years of experience in a GRC, IT compliance, security, or risk-focused role.
  • Hands-on experience supporting audits and assessments aligned to frameworks such as SOC 2, HITRUST, HIPAA, GDPR, ISO 27001, and SOX ITGCs.
  • Foundational experience supporting Business Continuity and Disaster Recovery (BCDR) activities, including documentation maintenance, testing coordination, and alignment to frameworks such as SOC 2, ISO 27001, and HITRUST.
  • Working knowledge of control execution, evidence requirements, and audit processes.
  • Ability to operate independently within defined scope while seeking guidance on complex or novel issues.
  • Strong organizational skills and attention to detail in managing documentation and deadlines.
  • Clear written and verbal communication skills, with comfort collaborating across technical and non-technical teams.

Benefits

  • Health, Dental, Vision benefits start on your first day at Spring. You and your dependents also receive access to One Medical accounts. HSA and FSA plans are also available, with Spring contributing up to $1K for HSAs, depending on your plan type.
  • Employer sponsored 401(k) match of up to 2% for retirement planning.
  • A yearly allotment of no cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents.
  • We offer competitive paid time off policies including vacation, sick leave and company holidays.
  • At 6 months tenure with Spring, we offer parental leave of 18 weeks for birthing parents and 16 weeks for non-birthing parents.
  • Access to Noom, a weight management program based in psychology that’s tailored to your unique needs and goals.
  • Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses.
  • Access to Wellhub, which connects employees to the best options for fitness, mindfulness, nutrition, and sleep in one subscription.
  • Access to BrightHorizons, which provides sponsored child care, back-up care, and elder care.
  • Up to $1,000 Professional Development Reimbursement a year.
  • $200 per year donation matching to support your favorite causes.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, ITGC-SOX, audit processes, risk assessments, Business Continuity and Disaster Recovery

Soft Skills

organizational skills, attention to detail, written communication, verbal communication, collaboration, independence, problem-solving