At GoodRx, we believe that all Americans should have access to convenient and affordable healthcare. As a nation, we spend about $3.5 trillion annually on our healthcare, but too many Americans don't get the care they need, and prices just keep rising. We started with prescriptions, and we've helped over 100 million Americans save over $15 billion to date. Now, we're aiming to tackle all of healthcare. GoodRx is a profitable business funded by top-tier investors; we're based in Santa Monica with additional offices around the country. We're a low-key and tight-knit group that likes to find new ways to fix problems. If you share our belief that you can do well by doing good, let's talk.
About the Role 

We are looking for a Senior Compliance Analyst with a strong IT audit experience and background in the technical implementation of SOC2, ISO 27001 or SOX-404. As our Senior Compliance Analyst, you will support compliance initiatives by engaging various process owners in the design, documentation, implementation, and monitoring of the appropriate IT controls in our computing environments and demonstrating those controls to external auditors. 
This position will report into the Director of Information Security. 
 

Responsibilities:

• Auditing of complex IT and Security environments and serving as the staff on audits
• Performing risk assessments and audits with limited supervision from management
• Capturing and analyzing information to identify key risks and corresponding controls
• Systematically testing and evaluating controls to verify efficiency and effectiveness of operation, reliability of information and compliance with applicable laws and regulations.
• Communicating findings and recommendations to management
• Documenting risk assessment and audit work
• Assist with SOC 2 and other external audits
• Following-up and implementing corrective actions
• Identifying internal control standard methodologies and promotes their adoption across the enterprise
• Delivering training to other members of the company on policies and procedures
• Lead security audit projects using appropriate methodologies.

Skills & Qualifications: 

• Experience in IT regulation and compliance standards such as SOC 2, ISO 27001, SOX-404, HIPAA, and PCI
• Minimum of 3 years experience in an audit or compliance role
• Understanding of IT methodologies, such as software development lifecycle and operations
• Ability to understand complex technical environments
• Excellent oral, written and presentation communication skills

Nice to Have: 

• CISA certification
• Experience working for a company in the technology or healthcare industry
• Experience working in Amazon Web Services and Google Cloud environments a plus

About GoodRx
GoodRx is the country's leading marketplace for affordable and convenient healthcare. The company offers the most comprehensive and accurate resource for prescription medications in the U.S., gathering pricing information from thousands of pharmacies coast to coast. More than 12 million consumers use GoodRx each month to find current prices and discounts for their medications. Since 2011, Americans with and without health insurance have saved more than $15 billion using GoodRx – more than $5 billion in 2019 alone. With GoodRx Care, Americans can get an online medical visit with a skilled physician for fast and easy treatment, prescriptions, and lab tests for routine medical issues. GoodRx is the #1 medical app on the iOS and Android app stores and tens of thousands of doctors recommend GoodRx to their patients. For more information, visit www.goodrx.com.