Senior GRC Analyst, HIPAA

DoorDash
San Francisco, California, United StatesPosted 18d ago

Apply to this job with Jobbie

Jobbie fills out the application and submits it for you — no forms, no cover letters, no retyping your resume.

Sign up to apply

Job description

<div class="content-intro"><p><img style="display: none; max-width: 100%;" src="https://click.appcast.io/greenhouse-te8/a31.png?ent=34&amp;e=22630&amp;t=1701374353806" width="1px"> <img style="display: none; max-width: 100%;" src="https://track.jobadx.com/v1/i.gif?utm_pixel=224e990b-8ff4-4287-8d5d-2ff09647f181&amp;utm_ptz=EST&amp;utm_rqt=track" alt="" width="1"></p></div><h2><strong>About the Team</strong></h2> <p>At DoorDash, Security is critical to earning and maintaining trust across our global marketplace. The Governance, Risk, and Compliance team partners across Security, Engineering, Product, Legal, Privacy, IT, and business teams to translate regulatory, customer, and contractual obligations into scalable controls and practical security outcomes.</p> <p>We are looking for a Senior GRC Analyst, HIPAA to help mature and operate HIPAA-related security and compliance programs across DoorDash. This role will support multiple ongoing HIPAA workstreams, partner closely with engineering teams, and help ensure regulated data environments are designed, operated, and monitored in a secure, compliant, and scalable way.</p> <h2><strong>About the Role</strong></h2> <p>As a Senior GRC Analyst, HIPAA, you will be a subject matter expert for HIPAA security compliance within DoorDash’s GRC function. You will be responsible for turning legal requirements into operational controls, map them to DoorDash controls, assess gaps, drive remediation, and support audit-ready evidence across technical and operational environments.</p> <p>This is a senior individual contributor role for someone who has implemented and managed HIPAA programs in a technology company or similarly complex regulated environment. You will work directly with Engineering, Product, Security Engineering, Legal, IT, and business stakeholders to make HIPAA compliance practical, measurable, and sustainable.</p> <h2><strong>You’re excited about this opportunity because you will…</strong></h2> <ul> <li>Lead and support HIPAA security compliance workstreams across multiple products, platforms, systems, and engineering teams.</li> <li>Turn legal requirements&nbsp; into actionable technical and operational control requirements.</li> <li>Perform HIPAA readiness assessments, gap analyses, risk assessments, and control design/effectiveness reviews across cloud, SaaS, data, and internal tooling environments.</li> <li>Build and maintain control mappings across HIPAA, HITRUST, SOC 2, ISO 27001, NIST 800-53, and DoorDash security standards.</li> <li>Partner with Engineering and Security Engineering to implement scalable controls across IAM, encryption, logging and monitoring, vulnerability management, secure SDLC, incident response, data retention, and access review processes.</li> <li>Maintain HIPAA security program documentation, including policies, standards, procedures, control narratives, evidence requirements, risk registers, exception records, and remediation plans.</li> <li>Support internal and external audits, partner/customer assessments, security questionnaires, and compliance evidence collection.</li> <li>Partner with Legal, and Security Operations on incidents involving PHI/ePHI, including compliance impact analysis, documentation, and remediation tracking.</li> <li>Mature GRC tooling, workflows, dashboards, and continuous control monitoring to reduce manual compliance overhead.</li> <li>Provide practical guidance to technical and non-technical stakeholders so HIPAA requirements are understood, adopted, and embedded into day-to-day engineering practices.</li> <li>Monitor regulatory, framework, and industry changes related to HIPAA, HITRUST, healthcare security, and regulated data environments.</li> </ul> <h2><strong>We’re excited about you because…</strong></h2> <ul> <li>You have <strong>6+ years of experience</strong> in security compliance, GRC, risk management, audit, privacy/security operations, or related information security roles.</li> <li>You have 3+ years of hands-on experience implementing, operating, or materially maturing HIPAA programs in a technology, SaaS, health-tech, or highly regulated environment.</li> <li>You have strong working knowledge of HIPAA Security Rule requirements and practical experience applying HIPAA safeguards to cloud, SaaS, data, and engineering environments.</li> <li>You understand how PHI/ePHI flows through modern systems and can partner with engineering teams on data classification, access controls, encryption, logging, retention, and secure data handling.</li> <li>You have experience with adjacent frameworks and standards such as HITRUST, SOC 2, ISO 27001, NIST 800-53, PCI DSS, GDPR or CCPA.</li> <li>You have led or supported audits, compliance assessments, control testing, evidence collection, risk assessments, and remediation programs.</li> <li>You can translate complex compliance requirements into clear, actionable tasks for Engineering, Product, Security, IT, Legal, and Privacy stakeholders.</li> <li>You have enough technical fluency to understand cloud architecture, APIs, IAM, CI/CD, infrastructure-as-code, logging, vulnerability management, and security monitoring concepts.</li> <li>You communicate clearly, write high-quality documentation, manage multiple workstreams independently, and drive cross-functional progress without direct authority.</li> <li>You are pragmatic: you know how to reduce real risk while enabling teams to move quickly and responsibly.</li> </ul> <h3><strong>Preferred Qualifications</strong></h3> <ul> <li>Experience working directly with Engineering or Security Engineering teams in a high-growth technology company.</li> <li>Experience building or scaling a HIPAA program rather than only maintaining an existing checklist.</li> <li>Experience with HITRUST certification, SOC 2 audits, ISO 27001 audits, or multi-framework control mapping.</li> <li>Experience with third-party risk management, vendor security reviews, business associate/vendor security expectations, and customer security assessments.</li> <li>Experience supporting privacy, security incident response, or breach assessment workflows involving regulated data.</li> <li>Familiarity and interest towards AI, data platform, healthcare interoperability, payments, or marketplace environments. Preferably you have also built something yourself using AI.&nbsp;</li> </ul> <p>We expect this position to be filled by 8/26/26.</p><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p><span style="font-size: 32px;"><strong>Compensation</strong></span></p> <p>The successful candidate’s starting pay will fall within the pay range listed below and is determined based on job-related factors including, but not limited to, skills, experience, qualifications, work location, and market conditions. Base salary is localized according to an employee’s work location. Ranges are market-dependent and may be modified in the future.</p> <p>In addition to base salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information.</p> <p>DoorDash cares about you and your overall well-being. That’s why we offer a comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits match, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act). DoorDash also offers medical, dental, and vision benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others.</p> <p>To learn more about our benefits, visit our careers page <a href="https://careers.doordash.com/">here</a>.</p> <p>See below for paid time off details:</p> <ul> <li><strong>For salaried roles:</strong> flexible paid time off/vacation, plus 80 hours of paid sick time per year.</li> <li><strong>For hourly roles:</strong> vacation accrued at about 1 hour for every 25.97 hours worked (e.g. about 6.7 hours/month if working 40 hours/week; about 3.4 hours/month if working 20 hours/week), and paid sick time accrued at 1 hour for every 30 hours worked (e.g. about 5.8 hours/month if working 40 hours/week; about 2.9 hours/month if working 20 hours/week).</li> </ul></div><div class="title">The national base pay range for this position within the United States, including Illinois and Colorado.</div><div class="pay-range"><span>$132,600</span><span class="divider">&mdash;</span><span>$195,000 USD</span></div></div></div><div class="content-conclusion"><h2>About DoorDash</h2> <p>At DoorDash, our mission to empower local economies shapes how our team members move quickly, learn, and reiterate in order to make impactful decisions that display empathy for our range of users—from Dashers to merchant partners to consumers. We are a technology and logistics company that started by enabling door-to-door delivery, and we are looking for team members who can help us go from a company that is known as the place you order food to a company that people turn to for any and all goods.<br><br>DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. We're committed to supporting employees’ happiness, healthiness, and overall well-being by providing comprehensive benefits and perks including premium healthcare, wellness expense reimbursement, paid parental leave and more.</p> <h2>Our Commitment to Diversity and Inclusion</h2> <p>We’re committed to growing and empowering a more inclusive community within our company, industry, and cities. That’s why we hire and cultivate diverse teams of people from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has room at the table and the tools, resources, and opportunity to excel.</p> <p>Statement of Non-Di

Ready to apply?

Create your free Jobbie profile once — we apply to this job and hundreds like it for you.

Sign up to apply