Information Security GRC Analyst

Join us in creating a better way!

At eHealth, our mission is to expertly guide consumers through their health insurance and related options when, where, and how they prefer. We’re creating a better way – one that’s transparent and trustworthy for both our consumers externally and our employees internally. 

Move your career forward while connecting countless people to the life-changing, quality care they deserve. Our diverse team of innovators supports one another in solving some of the toughest challenges. We’re always on the lookout for creative opportunities to do right by our customers, and each other. Together, we’re creating a better way to work, united by our common passion to make a difference.

eHealth is America’s first and largest private online marketplace for health insurance, which allows individuals, families, and small businesses to compare insurance options side by side and enroll in coverage. Our mission is to help everyone find affordable health care coverage through our website technology, consumer advocacy, and personalized customer assistance. The company has continued to evolve into an effective Expedia equivalent in the health care space. The increasing confidence that analysts and shareholders are showing, reflected in our record share price, is a testament to our position in the health care market. Building a high-performance culture is critical for eHealth to continue on our path of intelligent and rapid growth and to win with our customers.

We’re looking for a versatile Governance, Risk, and Compliance (GRC) professional passionate about the people, processes, and technology that enable eHealth to achieve its mission. Your expertise will help to drive improvements to eHealth’s Information Security, Governance, Compliance, and Risk Assessment processes to empower sound decision-making. Your interpersonal skills will help foster a risk-aware culture throughout the company.

Compliance is a crucial pillar supporting eHealth’s overall Information Security Program. As an individual contributor on the GRC team, you will work with stakeholders across IT, Engineering, Legal, and HR along with other members of the GRC team. You will be responsible for assessing, evaluating, and making recommendations to leadership regarding the implementation of security controls aligned with SOC2 and eHealth's Risk Management program.

What you’ll do:

  • Assist with internal and external audit engagements (SOC2 Type II, HITRUST, PCI-DSS, SOX, etc.)
    • Gather control evidence to ensure the information provided fulfills the requirements
    • Organize audit evidence and manage the control and process libraries
    • Assist the business to assess, document and remediate risks identified during the assessment
  • Contribute to eHealth’s compliance maturity:
    • Work with the business to implement sound security controls aligned with the security policies and standards and identify control gaps
    • Develop metrics to report to management
  • Assist with Security awareness training and phishing campaign exercises
  • Work with business partners to respond to carrier security questionnaires
  • Evaluate new vendors for security concerns
  • Assess the status of projects to identify and implement appropriate corrective measures to resolve security concerns as they arise
  • Demonstrate eHealth’s values in your behaviors, practices, and decisions

What you’ll bring:

  • A Bachelor's degree in Information Security, Information Systems or related field
  • We will consider candidates with equivalent work experience in lieu of a Bachelor’s
  • 2+ years of experience working in an Information Security audit setting such as SOC2 and HITRUST, and knowledge of security controls including NIST, HIPAA, & Privacy
  • Ability to foster a collaborative working relationship in a fast-paced, team-oriented environment
  • Strong written and verbal communication skills with a proven ability to hold constructive discussions with the business to ensure information security risks are adequately addressed
  • Attention to detail and strong research skills
  • Ability to analyze problems from different angles and foster multiple perspectives
  • Experience with risk management tool administration and configuration is a plus
  • Ability to digest and translate technical language and relay it to stakeholders outside of the Security field in understandable terms
  • Ability to exercise judgment within defined procedures and determine appropriate action with autonomy and support as needed

What we value:

You’ll be part of an open-minded and cohesive team that works toward shared goals. We’re passionate about growing a diverse and inclusive information security team at eHealth because it makes us a stronger company and we’re stronger together. eHealth is committed to creating an inclusive space for everyone, no matter what.

What we offer (benefits):

  • Generous benefits include medical, dental and vision beginning on your first day of employment
  • 401K with matching
  • Tuition reimbursement
  • Employee stock purchase program
  • 12 company paid holidays and flexible time off (PTO for non-exempt)

While this role is fully remote, all team members are expected to be available throughout each business day for video meetings and chats.

Please include a link to your LinkedIn profile, Github, and/or portfolio of your work that you’d like to share with the hiring team. Profiles with these will be prioritized.

PLEASE NO AGENCIES. We are NOT able to hire contractors through a 3rd party.

We are ONLY considering direct, full-time employment with eHealth in the US.

The base pay range reflects the anticipated pay range for this position. The actual base pay offered will depend on various factors including individual skills, experience, performance, qualifications, the department budget, and the location where work is performed. Base pay is one component of eHealth’s total rewards package, which also includes an annual performance bonus, plus an array of benefits designed to support employees’ personal and professional wellness. For more information on our total rewards offerings, please visit our career site.

Base Pay Range: $77,400 - $96,800

eHealth is an Equal Employment Opportunity employer. It is our policy to provide equal opportunity to all employees and applicants and to prohibit any discrimination because of race, color, religion, sex, national origin, age, marital status, sexual orientation, genetic information, disability, protected veteran status, or any other consideration made unlawful by applicable federal, state or local laws. The foundation of these policies is our commitment to treat everyone fairly and equally and to have a bias-free work environment.

What You Should Know About Information Security GRC Analyst, eHealth

At eHealth, we're excited to welcome an enthusiastic Information Security GRC Analyst to our remote team in the USA! If you're passionate about improving governance, risk, and compliance processes, you're in the right place. Here at eHealth, our mission is straightforward – we guide consumers through their healthcare insurance options with transparency and trust. As a vital member of our GRC team, you'll play a critical role in assessing and evaluating our Information Security measures, ensuring our practices align with SOC2 guidelines, and fostering a culture of risk awareness. You’ll collaborate with various stakeholders – from IT and Engineering to Legal and HR – to make informed recommendations regarding risk management and security controls. Your expertise will help us enhance our compliance maturity, manage audits, and instill sound security practices throughout the organization. We’re dedicated to professional growth, so you’ll enjoy a vibrant and supportive team atmosphere where creativity and collaboration thrive. This is not just any role; it’s an opportunity to contribute to meaningful solutions that directly impact people's lives. Join us in building a better workplace, where together, we can reshape how consumers access quality healthcare. If you have a Bachelor's in Information Security or a related field, along with some experience in audits like SOC2 and HITRUST, we’d love to hear from you! eHealth is committed to diversity and inclusivity, so if you share our values, let's connect and make a difference in the world of healthcare together.

Frequently Asked Questions (FAQs) for Information Security GRC Analyst Role at eHealth
What are the main responsibilities of the Information Security GRC Analyst at eHealth?

The Information Security GRC Analyst at eHealth is responsible for a range of critical functions, including assisting with internal and external audit engagements related to SOC2, HITRUST, and PCI-DSS, among others. You will gather and organize audit evidence, manage control and process libraries, assess and document risks, and work to implement effective security controls aligned with eHealth's policies and standards. This role is vital in driving compliance maturity and providing management with insightful metrics related to security processes.

What qualifications are required for the Information Security GRC Analyst position at eHealth?

To be considered for the Information Security GRC Analyst role at eHealth, candidates should possess a Bachelor's degree in Information Security, Information Systems, or a related field. Additionally, having 2+ years of experience in an Information Security audit setting, particularly with SOC2 and HITRUST, is essential. Strong communication skills and the ability to work collaboratively in a fast-paced environment will be vital for success in this role.

How does the Information Security GRC Analyst contribute to eHealth's mission?

The Information Security GRC Analyst contributes significantly to eHealth's mission of providing transparent and trustworthy healthcare options. By assessing, evaluating, and recommending the implementation of security controls, you help safeguard sensitive information and ensure compliance with regulatory standards. Your work not only protects the organization but also fosters confidence in the services we deliver to consumers, enabling them to find affordable healthcare coverage.

What kind of team culture can an Information Security GRC Analyst expect at eHealth?

At eHealth, the Information Security GRC Analyst can expect to join an open-minded, cohesive team that values collaboration and shared goals. Our culture promotes diversity and inclusion, recognizing that a diverse workforce drives stronger outcomes. The GRC team is passionate about problem-solving and is dedicated to supporting one another while fostering a risk-aware culture that empowers everyone to make significant contributions toward our mission.

What benefits does eHealth offer for the Information Security GRC Analyst role?

eHealth offers a comprehensive benefits package for the Information Security GRC Analyst, including medical, dental, and vision coverage starting on your first day. Additional perks include a 401K plan with matching, tuition reimbursement, an employee stock purchase program, and ample paid time off. eHealth is committed to ensuring the well-being of its employees, making this an attractive opportunity for those looking to grow in a supportive environment.

Common Interview Questions for Information Security GRC Analyst
Can you explain what SOC2 compliance means in the context of the Information Security GRC Analyst role?

Absolutely! SOC2 compliance is essential for information security analysts, especially at eHealth, where safeguarding consumer data is paramount. It's a framework that determines how a company manages customer data based on five trust services criteria: security, availability, processing integrity, confidentiality, and privacy. In your interview, you could discuss how you would identify control gaps and recommend strategies to align eHealth’s practices with SOC2 standards.

How do you assess and document risks in an organization?

Assessing and documenting risks involves a systematic approach. You begin by identifying potential security threats, analyzing their impact and likelihood, and then categorizing these risks based on your findings. In your response, illustrate your experience with risk assessments, tools utilized, and how you effectively communicated the results to stakeholders, including recommendations for remediation.

What strategies would you employ to foster a risk-aware culture at eHealth?

To foster a risk-aware culture, I would advocate for ongoing security awareness training and regular phishing exercises for employees. I would highlight the importance of transparency in communication concerning risks while encouraging feedback and discussions regarding security practices. Demonstrating the practical implications of security and compliance can help embed these values into the company culture.

What is your experience with internal and external audit engagements?

My experience with audits includes collaborating with cross-functional teams to prepare documentation and evidence for external auditors, ensuring compliance with frameworks like SOC2 and HITRUST. I would approach this question by discussing specific instances where I organized audit evidence, addressed findings, and worked closely with departments to remediate any identified gaps, showcasing a proactive approach.

How would you evaluate the security posture of a new vendor?

To evaluate a vendor’s security posture, I would conduct thorough due diligence by reviewing their security policies, previous audit reports, and any compliance certifications they possess. I would also focus on their incident response capabilities and data handling procedures. Presenting a structured approach during your answer will demonstrate your analytical skills and ability to protect eHealth’s interests.

What compliance frameworks are you familiar with, and how do they apply to the Information Security GRC Analyst position?

I am familiar with compliance frameworks such as NIST, HIPAA, and PCI-DSS, each of which serves different regulatory requirements. Discussing how these frameworks interconnect with eHealth's operations will illustrate your understanding of compliance needs. Be prepared to give examples of how you've previously implemented policies aligned with these frameworks in your work.

Describe how you would manage and organize audit evidence for a compliance engagement.

Managing audit evidence requires a meticulous approach. I would develop a structured system for organizing documentation, assigning responsibilities for evidence gathering, and ensuring timely submissions. Additionally, I would regularly update management on the status and readiness of the evidence to facilitate a smooth audit process. Highlighting past experiences will effectively convey your capabilities.

How do you handle conflicts when discussing security risks with non-technical stakeholders?

Handling conflicts with non-technical stakeholders requires patience and clarity. I would focus on translating technical jargon into understandable terms, building rapport, and listening to their concerns. I would emphasize the mutual goal of safeguarding eHealth’s interests, exploring compromises that address both security requirements and business needs. Demonstrating effective communication strategies in your response can be beneficial.

What metrics do you believe are essential to report to management for compliance maturity?

Essential metrics include risk assessment results, the status of remediation efforts, audit findings, and security training participation rates. I would also suggest reporting on the effectiveness of security controls, fraud incidents, and employee feedback on security awareness initiatives. This shows an understanding of what management needs to gauge compliance health effectively.

Why do you want to work as an Information Security GRC Analyst at eHealth?

I want to work at eHealth because of your commitment to transparency and improvement in healthcare access. I resonate with eHealth’s values and mission, and I see this as a unique opportunity to apply my expertise in a meaningful way. In your answer, articulate personal motivations, such as a desire to contribute to impactful work and being part of a culture that emphasizes diversity and teamwork.

For over 25 years, eHealth, Inc. has expertly guided American consumers with innovative technology and licensed advisor support to help them find health insurance and related options. Through its proprietary health insurance marketplace at eHealth...

Employment type: Full-time, remote
Date posted: April 23, 2025
