GRC Analyst, Federal Programs

At Sword, we’re building AI to heal billions and unlock humanity’s full potential. In doing so, we’re pioneering AI Care, a fundamentally new approach to healthcare built for medical reasoning, safety, and real-time treatment, not generic technology applied after the fact. As both a clinical-centric frontier AI lab and an applied AI platform, Sword is reimagining how care is delivered at scale, removing traditional barriers like appointments, waiting rooms, and stigma so more people can access the care they need—and ultimately get back to lives lived in full.

Since 2020, Sword has expanded across physical therapy, women’s health, cardiometabolic, and mental health, and is now moving beyond the session to a fully AI-native, 24/7 care program that brings physical activity, therapeutic exercise, psychotherapy, nutrition, and behavior change into one connected experience. More than 700,000 members across three continents have completed over 10 million AI sessions, helping 1,000+ enterprise clients avoid more than $1 billion in unnecessary healthcare costs. Backed by 42 clinical studies, 44+ patents, and more than $500 million raised from leading investors including Khosla Ventures, General Catalyst, and Founders Fund, Sword is defining a new standard for healthcare.

Role

This position sits within Sword's GRC team, which is responsible for security compliance across all of Sword's products and services — from our musculoskeletal programs to our mental health and consumer offerings. The team operates across multiple frameworks and serves a broad set of internal stakeholders. Within that team, this role's primary focus is federal programs: owning Sword's CMMC certification effort and driving FedRAMP readiness as a co-equal priority. Beyond those two programs, this person will be expected to contribute to the broader GRC function as needs arise.

This is not a checkbox compliance role. The person in this position will own the end-to-end CMMC journey — from scoping and gap analysis through cross-functional remediation and assessment readiness — while building toward the same depth of ownership on FedRAMP.

You will work closely with teams across infrastructure, product engineering, security operations, clinical systems, and marketing, translating complex regulatory requirements into actionable, prioritized work that these teams can understand and execute. You will also serve as Sword's primary point of contact with external auditors and assessors during assessment cycles.

This role requires someone who can move fluidly between deep technical detail and clear stakeholder communication — someone who is just as comfortable reviewing a system security plan as they are presenting a remediation roadmap to a non-technical business leader.

To get to know more about our Tech Stack, check here.

Role

This position sits within Sword's GRC team, which is responsible for security compliance across all of Sword's products and services — from our musculoskeletal programs to our mental health and consumer offerings. The team operates across multiple frameworks and serves a broad set of internal stakeholders. Within that team, this role's primary focus is federal programs: owning Sword's CMMC certification effort and driving FedRAMP readiness as a co-equal priority. Beyond those two programs, this person will be expected to contribute to the broader GRC function as needs arise.

This is not a checkbox compliance role. The person in this position will own the end-to-end CMMC journey — from scoping and gap analysis through cross-functional remediation and assessment readiness — while building toward the same depth of ownership on FedRAMP.

You will work closely with teams across infrastructure, product engineering, security operations, clinical systems, and marketing, translating complex regulatory requirements into actionable, prioritized work that these teams can understand and execute. You will also serve as Sword's primary point of contact with external auditors and assessors during assessment cycles.

This role requires someone who can move fluidly between deep technical detail and clear stakeholder communication — someone who is just as comfortable reviewing a system security plan as they are presenting a remediation roadmap to a non-technical business leader.

To get to know more about our Tech Stack, check here.

At Sword, we’re building AI to heal billions and unlock humanity’s full potential. In doing so, we’re pioneering AI Care, a fundamentally new approach to healthcare built for medical reasoning, safety, and real-time treatment, not generic technology applied after the fact. As both a clinical-centric frontier AI lab and an applied AI platform, Sword is reimagining how care is delivered at scale, removing traditional barriers like appointments, waiting rooms, and stigma so more people can access the care they need—and ultimately get back to lives lived in full.

Since 2020, Sword has expanded across physical therapy, women’s health, cardiometabolic, and mental health, and is now moving beyond the session to a fully AI-native, 24/7 care program that brings physical activity, therapeutic exercise, psychotherapy, nutrition, and behavior change into one connected experience. More than 700,000 members across three continents have completed over 10 million AI sessions, helping 1,000+ enterprise clients avoid more than $1 billion in unnecessary healthcare costs. Backed by 42 clinical studies, 44+ patents, and more than $500 million raised from leading investors including Khosla Ventures, General Catalyst, and Founders Fund, Sword is defining a new standard for healthcare.