Senior IT Compliance Analyst

Our mission at Oura is to empower every person to own their inner potential. Our award-winning products help our global community gain a deeper knowledge of their readiness, activity, and sleep quality by using their Oura Ring and its connected app. We've helped 2.5 million people understand and improve their health by providing daily insights and practical steps to inspire healthy lifestyles.

Empowering the world starts with living and empowering our team. As a quickly growing company focused on helping people live healthier and happier lives, we ensure that our team members have what they need to do their best work — both in and out of the office.

We are looking for a highly motivated Senior IT Compliance Analyst to join our IT Operations team. This role is critical for supporting and maturing our compliance programs, including SOC2, HIPAA, HITRUST, NIST 800-171, and DoD frameworks.

As a Senior IT Compliance Analyst, you will take ownership of compliance assessments, audit readiness, and control implementations, ensuring that IT systems and processes adhere to regulatory requirements and industry best practices. You will collaborate with cross-functional teams, including Security, GRC, Engineering, and IT Operations, to proactively identify risks, implement controls, and drive a culture of compliance. The ideal candidate has a deep understanding of IT compliance frameworks, experience leading audits and risk assessments, and a proactive approach to enhancing compliance programs through automation and process improvements.

What you will do: 

• Lead Compliance Programs: Take ownership of IT compliance initiatives, driving continuous improvement and maturity across SOC2, HIPAA, HITRUST, and NIST 800-171.
• Audit & Compliance Management: Lead the planning, execution, and management of compliance audits, coordinating with internal teams and external auditors to ensure successful outcomes.
• Policy Development & Maintenance: Develop, maintain, and revise IT compliance policies and procedures, ensuring alignment with industry best practices and evolving regulatory requirements.
• Risk Assessment: In collaboration with Security, conduct regular IT risk assessments, identifying gaps in controls, and recommending mitigation actions to minimize potential risks.
• Documentation & Reporting: Maintain comprehensive documentation to support compliance activities and generate regular reports to communicate compliance status to stakeholders.
• Collaboration & Stakeholder Engagement: Work closely with Security, IT Operations, and Legal teams to facilitate compliance-related initiatives and ensure controls are properly implemented.
• Training & Awareness: Provide ongoing training to internal teams on compliance obligations, policies, and best practices to cultivate a culture of compliance.

This is a remote US role with a preference for candidates based on the East Coast. ŌURA employees in major cities (like Boston or New York) occasionally gather informally at local co-working locations.

We would love to have you on our team if you have:

• Experience: 6+ years of experience in IT compliance, IT risk management, IT operations, or a related GRC role.
• Governance Writing Skills: Exceptional ability to draft clear, concise policies and procedures that are easily understood and practical for end-users.
• Knowledge: Deep knowledge of SOC2, HIPAA, HITRUST, NIST 800-171, and emerging regulatory requirements in IT.
• Technical Skills: Understanding of IT security controls, access management, cloud environments (AWS, Azure, GCP), and IT operations tools (e.g., ServiceNow, SIEM, and IAM solutions).
• Work Management Tools: Experience optimizing compliance processes using tools like Jira, Confluence, and ServiceNow for tracking and automation.
• Analytical & Problem-Solving Skills: Proven ability to assess complex compliance requirements, interpret regulatory frameworks, and drive pragmatic solutions.
• Collaboration & Influence: Strong ability to partner with engineering, security, legal, and IT teams to embed compliance best practices into day-to-day operations.
• Remote Collaboration and Travel: Ability to travel as needed and effectively collaborate with remote teams.
• Certifications (preferred): CISA, CRISC, CCEP or HITRUST CCSFP.

At Oura, we care about you and your well-being. Everyone here at Oura has a ring of their own and we are continually looking to improve employee health and add to our benefits!

What we offer:

• Competitive salary and equity packages
• Health, dental, vision insurance, and mental health resources
• An Oura Ring of your own plus employee discounts for friends & family
• 20 days of paid time off plus 13 paid holidays plus 8 days of flexible wellness time off
• Paid sick leave and parental leave
• Amazing culture of collaborative and passionate coworkers

Oura takes a market-based approach to pay, which may vary depending on your location. US locations are categorized into tiers based on a cost of labor index for that geographic area. While most offers will be closer to the starting range, successful candidates' pay will be determined based on job-related skills, experience, qualifications, work location, internal peer equity, and market conditions. These ranges may be modified in the future.

• Region 1: $126,000 - $157,000
• Region 2: $115,000 - $144,000
• Region 3: $108,000 - $135,000

A recruiter can determine your zones/tiers based on your US location.

Oura is proud to be an equal opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. Individuals seeking employment at Oura are considered without regard to age, ancestry, color, gender (including pregnancy, childbirth, or related medical conditions), gender identity or expression, genetic information, marital status, medical condition, mental or physical disability, national origin, protected family care or medical leave status, race, religion (including beliefs and practices or the absence thereof), sexual orientation, military or veteran status, or any other characteristic protected by federal, state, or local laws. We will not tolerate discrimination or harassment based on any of these characteristics.

We will work to ensure individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

Disclaimer: Beware of fake job offers!
We’ve been alerted to scammers posing as ŌURA recruiters, especially for remote roles. Please note:

• Our jobs are listed only on the ŌURA Careers page and trusted job boards.
• We will never ask for personal information like ID or payment for equipment upfront.
• Official offers are sent through Docusign after a verbal offer, not via text or email.

Stay cautious and protect your personal details.

To all recruitment agencies: Oura does not accept agency resumes. Please do not forward resumes to our jobs alias, Oura employees, or any other organization's location. Oura is not responsible for any fees related to unsolicited resumes.