About Fullscript\nWe're an industry-leading health technology company on a mission to help people get better.\nWe started in **** with one simple idea.\nMake it easier for practitioners to access the products they trust so they can deliver better care.\nThat simple idea grew into a platform that powers every part of care.\nToday, more than 125,000 practitioners use Fullscript for clinical insights, lab interpretations, patient analytics, education, and access to high-quality supplements.\nOver 10 million patients rely on Fullscript to stay connected to their care plans and follow through on treatment.\nWe build tools that make care smarter and more human.\nTools that save time, simplify decisions, and help practitioners stay closely connected to the people they care for.\nWhen everything they need is in one place, they can focus on what matters most: helping people get better.\nThis is your invitation.\nBring your ideas, your grit, and your care for people.\nJoin us and shape the future of care.\nFullscript is currently looking for a GRC Analyst (Risk) to join our growing Security team and help establish and scale foundational risk management practices across the organization.\nThe Security team is responsible for product security, governance, risk, compliance, as well as security operations and incident response.\nThis role is critical to evolving Fullscript's risk management approach from an ad hoc, reactive model to a structured, proactive, and measurable enterprise risk program.\nYou will work closely with teams across Fullscript to identify, assess, and track security and operational risks, while providing leadership with clear visibility into the company's risk posture.\nWhat you'll do\nEnterprise Risk Management\nIdentify, document, and assess security and operational risks across business units\nMaintain a comprehensive and up-to-date enterprise risk register\nApply a consistent methodology for evaluating risk likelihood, impact, ownership, and treatment\nPartner with risk owners to ensure risks are clearly articulated and appropriately managed\nRisk Governance & Decision Support\nEnsure risk acceptance, mitigation, and transfer decisions are documented, traceable, and aligned with Fullscript's risk appetite\nTrack remediation efforts and follow up with stakeholders to ensure timely risk reduction\nProduce clear, data-driven risk reporting and dashboards to support leadership and executive decision-making\nThird-Party Risk Management\nSupport and manage Fullscript's third-party risk management program\nConduct risk assessments for vendors and partners, including onboarding and periodic reviews\nCollaborate with Procurement, Legal, Security, and Engineering to ensure third-party risks are identified and addressed\nCross-Functional Collaboration\nPartner with Security, Engineering, IT, Legal, Compliance, and business teams to surface emerging risks\nAct as a trusted partner and advisor on risk-related questions across the organization\nHelp drive clarity around risk ownership and accountability\nProgram Development & Continuous Improvement\nHelp define, document, and refine risk management processes, standards, and procedures\nContribute to policies and controls that support effective risk governance\nSupport audit, compliance, and regulatory activities by providing risk context and evidence\nWhat you bring to the table\nRisk & GRC Foundations\nExperience in governance, risk management, compliance, security operations, IT risk, or a related field\nUnderstanding of security and operational risk concepts and common risk management frameworks\nAbility to assess technical and non-technical risks and translate them into business impact\nAnalytical & Communication Skills\nStrong analytical and problem-solving skills, with the ability to identify patterns and trends in risk data\nExperience creating clear documentation, reports, and dashboards for technical and non-technical audiences\nStrong verbal and written communication skills\nCollaboration & Growth Mindset\nAbility to work cross-functionally and influence without direct authority\nWillingness to ask questions, seek feedback, and continuously improve processes\nComfortable operating in a growing, evolving environment where programs are being built and scaled\nJudgment & Decision-Making\nStrong situational awareness and judgment when evaluating risk trade-offs\nAbility to support and influence risk decisions with data and context\nBonus if you have\nExperience with third-party risk management programs\nFamiliarity with frameworks such as NIST, ISO *, SOC 2, CIS, or HITRUST
