GRC Analyst

Our mission at Oura is to empower every person to own their inner potential. Our award-winning products help our global community gain a deeper knowledge of their readiness, activity, and sleep quality by using their Oura Ring and its connected app. We've helped 2.5 million people understand and improve their health by providing daily insights and practical steps to inspire healthy lifestyles.

Empowering the world starts with living our values and empowering our team. As a quickly growing company focused on helping people live healthier and happier lives, we ensure that our team members have what they need to do their best work — both in and out of the office. 

We are looking for a Governance, Risk, and Compliance (GRC) Analyst to join our growing team. You will play a critical role in managing and improving our GRC activities, aligning them with our organization's strategic objectives.

What you will do:

• Conduct and manage Vendor Risk Assessments (VRAs) [TPRM].
• Conduct and manage Client Risk Assessments (CRAs) [Security Questionnaires].
• Develop and implement Product Risk Assessments (PRAs).
• Collaborate on GRC programs ensuring alignment with broader security strategy.
• Review, create, and update policies and procedures to ensure compliance with relevant laws, regulations, and standards.
• Manage our external audit program, including engaging necessary teams during audit periods.
• Collaborate with internal stakeholders to improve our Business Continuity Plan (BCP), Continuity of Operations Plan (COOP), Business Impact Analysis (BIA), and Incident Response Plan (IRP).
• Conduct User and Access Audits, assessing the effectiveness of our offboarding and Role-Based Access Control (RBAC) privilege provisioning processes.
• Perform internal compliance audits, ensuring that we are measuring the efficacy of compliance activities in our security programs.

This is a remote US role with a slight preference for candidates based in the Eastern and Central time zones.

Requirements

We would love to have you on our team if you have:

• Proven technical experience and knowledge of IT systems, web applications
• Proven experience in a GRC role, ideally within a similar industry.
• Strong knowledge of relevant laws, regulations, and standards.
• Experience with risk management, audit management, and policy and procedure development.
• Excellent problem-solving skills and attention to detail.
• Relevant professional certifications (e.g., CISA, CISM, CISSP) would be an advantage.

Benefits

At Oura, we care about you and your well-being. Everyone here at Oura has a ring of their own and we are continually looking to improve employee health and add to our benefits!

What we offer:

• Competitive salary and equity packages
• Health, dental, vision insurance, and mental health resources
• An Oura Ring of your own plus employee discounts for friends & family
• 20 days of paid time off plus 13 paid holidays plus 8 days of flexible wellness time off
• Paid sick leave and parental leave
• Amazing culture of collaborative and passionate coworkers

A recruiter can determine your zones/tiers based on your US location.

To all recruitment agencies: Oura does not accept agency resumes. Please do not forward resumes to our jobs alias, Oura employees, or any other organization's location. Oura is not responsible for any fees related to unsolicited resumes.

Oura takes a market-based approach to pay, which may vary depending on your location. US locations are categorized into tiers based on a cost of labor index for that geographic area. While most offers will be closer to the starting range, successful candidates' pay will be determined based on job-related skills, experience, qualifications, work location, internal peer equity, and market conditions. The range for this position is under review and will be posted soon.

Oura is proud to be an equal-opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. Individuals seeking employment at Oura are considered without regard to age, ancestry, color, gender (including pregnancy, childbirth, or related medical conditions), gender identity or expression, genetic information, marital status, medical condition, mental or physical disability, national origin, protected family care or medical leave status, race, religion (including beliefs and practices or the absence thereof), sexual orientation, military or veteran status, or any other characteristic protected by federal, state, or local laws. We will not tolerate discrimination or harassment based on any of these characteristics.

We will work to ensure individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions, and to receive other benefits and privileges of employment.