Senior Risk & Compliance Analyst - Remote

Work set-up: Full Remote
Experience: Senior (5-10 years)

Offer summary

Qualifications:

  • 5-8+ years of experience in information security risk management or healthcare compliance.
  • Familiarity with healthcare regulations like HIPAA, HITECH, and SOC2.
  • Experience supporting SOC2 audits and HIPAA security compliance.
  • Certifications such as CRISC, CISSP, or CHC are preferred.

Key responsibilities:

  • Manage and support SOC2 audits and regulatory compliance efforts.
  • Identify, assess, and monitor healthcare information security risks.
  • Support internal and external audits, including evidence collection and reporting.
  • Develop and maintain security policies and communicate risks to stakeholders.

StateServ Large https://www.stateserv.com/
501 - 1000 Employees

Job description

Dragonfly Health - A great place to land 

Dragonfly Health is the leading care-at-home data, technology and service platform, and the industry’s first scale durable medical equipment (DME) and pharmacy solution. Built on a 20-year history, Dragonfly Health uses advanced technology and robust analytics to manage DME and pharmaceutical services as part of a single, efficient solution for caregivers, patients, and their families. We serve over 145,000 patients every day in all 50 states.

Here, you are an integral part of a team that is transforming the future of hospice and post-acute healthcare. This is where innovation, collaboration and compassion thrive, allowing us to carry out our work at the highest level to serve our patients at a time in their life when they need us most.

We offer a dynamic and inclusive workplace where you'll have the unique opportunity to shape the future of healthcare alongside a passionate and talented team. We believe in empowering our employees to grow both personally and professionally, providing ample opportunities for career advancement, continuous learning, and skill development.

Dragonfly Health is our name for a reason.

The dragonfly is symbolic of the transformational impact we’re making on the industry, our people, and the lives we touch. We are a guiding force for what’s ahead, delivering more than equipment and medications, but also comfort and peace of mind. We are agile and adaptable, able to quickly and easily pivot from one point to the next, ready for whatever situation or patient need that arises. 

Whatever it takes. Wherever it takes us.

What we offer
  • Competitive Pay
  • Comprehensive benefits package (health, dental, vision, PTO, sick time, 401k w/match, etc.) 
  • Growth opportunity and career advancement
  • Agile and adaptable team culture
  • Innovative and revolutionary technology solutions
  • A higher calling to provide quality patient care

See how Dragonfly Health is transforming the world of hospice and post-acute care.

What you will do
  • Maintain Certification: Ensures successful completion and renewal of SOC2 Type I and II audits.
  • Risk Assessment & Monitoring: Identifies, assesses, and monitors internal, third-party, and fourth-party information security risks.
  • Audit & Assessment Support: Coordinates evidence collection and supports internal and external audits, assessments, and investigations – including third-party risk assessments.
  • Risk Communication: Translates complex technical and regulatory findings into clear, actionable recommendations for business and technical stakeholders.
  • Risk Tracking & Remediation: Tracks and drives resolution of identified risks through remediation planning and follow-up.
  • Policy & Procedure Development: Creates, updates, and maintains security policies, standards, and procedures aligned with regulatory and industry frameworks.
  • Regulatory Readiness: Prepares and organizes documentation in support of HIPAA, HITECH, and other regulatory audits or inquiries.
  • Control Gap Identification: Identifies and documents gaps in cybersecurity, IT controls, and risk management practices.
  • Threat & Standards Awareness: Monitors evolving cybersecurity threats, compliance obligations, and healthcare industry standards to inform proactive risk management.
  • Reporting & Presentation: Prepares and delivers audit and risk reports to leadership including corrective action plans that are practical and aligned with team capabilities and budget.
  • Client Security Inquiries: Manages and drafts responses to customer and partner security questionnaires and due diligence requests.
  • GRC Tool Implementation: Leads the evaluation, selection, and enterprise-wide deployment of a Governance, Risk, and Compliance (GRC) platform.

What we look for
  • 5-8+ years of progressive experience in one or more of the following areas: Information Security Risk Management, Regulatory Compliance (HIPAA, HITECH, SOC2, etc.), Internal or External IT Audit, GRC Program Development or Tool Implementation, Third-Party Risk Management, Healthcare IT or Health Information Management, Enterprise Risk Management (ERM) or Policy Governance.
  • Hands-on support for SOC2 audits, HIPAA Security Rule compliance, or HITECH assessment
  • Familiarity with healthcare industry regulations and privacy/security frameworks (e.g., NIST, HITRUST, ISO 27001)
  • Experience managing or responding to client/vendor security assessments strongly preferred
  • Leading or contributing to the implementation of a GRC platform strongly preferred
  • Exposure to both technical teams (e.g., cybersecurity, IT) and non-technical teams (e.g., Legal, Compliance, Audit) is strongly preferred
  • Preferred Certifications: CRISC (Certified Risk and Information System Control) or equivalent, CISSP (Certified Information System Security Professional), CompTIA Security+, CHC – Certified in Healthcare Compliance (from HCCA)

Why Senior Risk & Compliance Analysts are important

The Senior Risk & Compliance Analyst plays a critical role at Dragonfly Health by protecting the organization from legal, financial, and reputational risks in a highly regulated healthcare environment. They ensure compliance with laws like HIPAA and HITECH, proactively identify and mitigate operational and data-related risks, and uphold data privacy and security standards to protect patient information. By conducting audits, improving policies, and translating complex regulations into practical guidance, they embed compliance into everyday operations. Their cross-functional collaboration helps Dragonfly scale responsibly, maintain patient trust, and operate with integrity at every level.

Let's soar together 

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s): English

Other Skills

  • Collaboration
  • Communication
  • Problem Solving
