Sword
Healthcare
GRC Analyst, Federal Programs
“GRC Analyst, Federal Programs at Sword. Skills: GRC, federal compliance, CMMC, FedRAMP, compliance documentation. Contributes to security compliance across all products and services, with primary ownership of federal compliance.”
What You'll Achieve.
Ensure the CMMC assessment boundary is accurate; produce a clear, evidence-based gap analysis; drive FedRAMP readiness.
Industry & Context.
Gap analysis; translate identified gaps into prioritized remediation tasks.
- US citizenship
- Ability to obtain a federal Public Trust designation if required by a sponsoring agency
- Legal right to work in the United States; immigration or work visa sponsorship will not be provided
What They're Looking For.
Must Have
- 5+ years of hands-on experience in GRC, compliance, or security, with at least 3 of those years focused on federal compliance frameworks such as CMMC or FedRAMP
- Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance program
- Working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling
- Ability to produce compliance documentation — SSPs, POA&Ms, gap analyses, control narratives — without heavy guidance
- Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business
- Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response
- US citizenship
- Ability to obtain a federal Public Trust designation if required by a sponsoring agency
Nice to Have
- CMMC Certified Professional (CCP) credential, or active pursuit of CMMC Certified Assessor (CCA)
- Hands-on experience with FedRAMP authorization packages, continuous monitoring, and agency ATO
- Background in defense contracting or regulated health tech
- Experience working across multiple compliance frameworks simultaneously (HITRUST, SOC 2, ISO 27001)
- Familiarity with GRC platforms such as Hyperproof, Drata, or Vanta
What You'll Do.
- Contribute to security compliance across all products and services, with primary ownership of federal compliance
- Define and maintain the CMMC assessment boundary
- Map NIST SP 800-171 practices to Sword's current environment
- Produce a clear, evidence-based gap analysis
- Translate identified gaps into prioritized remediation tasks with clear ownership
- Build and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and all artifacts required for CMMC
- Serve as Sword's primary interface with the C3PAO and assessment team during formal CMMC assessments
- Drive FedRAMP readiness in parallel, including control documentation and continuous monitoring
- Contribute to audits and compliance activities across other active frameworks, including SOC 2 and HITRUST
How You'll Work.
Team & Collaboration
Work across infrastructure, engineering, and business teams; communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business; engage directly with external auditors and assessors.
Communication Scope
communicate technical compliance requirements to non-technical stakeholders
Process & Methodology
Drive remediation through a CMMC, FedRAMP, or equivalent federal compliance program; prioritize remediation tasks with clear ownership.
Full Job Description
## Description

At Sword, we’re building AI to heal billions and unlock humanity’s full potential. In doing so, we’re pioneering AI Care, a fundamentally new approach to healthcare built for medical reasoning, safety, and real-time treatment, not generic technology applied after the fact. As both a clinical-centric frontier AI lab and an applied AI platform, Sword is reimagining how care is delivered at scale, removing traditional barriers like appointments, waiting rooms, and stigma so more people can access the care they need—and ultimately get back to lives lived in full.

Since 2020, Sword has expanded across physical therapy, women’s health, cardiometabolic, and mental health, and is now moving beyond the session to a fully AI-native, 24/7 care program that brings physical activity, therapeutic exercise, psychotherapy, nutrition, and behavior change into one connected experience. More than 700,000 members across three continents have completed over 10 million AI sessions, helping 1,000+ enterprise clients avoid more than $1 billion in unnecessary healthcare costs. Backed by 42 clinical studies, 44+ patents, and more than $500 million raised from leading investors including Khosla Ventures, General Catalyst, and Founders Fund, Sword is defining a new standard for healthcare.

## AI Proficiency at Sword Health

AI fluency is a core expectation at Sword Health. Every candidate is assessed against our three-level framework — be ready to share real examples of how AI is already part of how you work.

- Explorer (Level 1) — Uses AI daily to boost personal productivity
- Builder (Level 2) — Creates workflows and tools that elevate the whole team
- Integrator (Level 3) — Embeds AI into products and processes at scale

Every hire must demonstrate at least Level 1. The expected level will vary depending on the seniority of the role.

## What you’ll be doing

Serve as a member of Sword's GRC team, contributing to security compliance across all products and services, with primary owners
How to Apply on Lever
- Lever uses a streamlined one-page form — apply in under 5 minutes.
- LinkedIn import works well; review parsed data before submitting.
- The cover letter field is optional but visible to reviewers — use it to differentiate.
- Referral codes from employees can significantly boost visibility of your application.