Aledade3mo ago

Security Engineer II (GRC), Remote

United StatesRemoteFull Timemid

EngineeringSecurity EngineerCybersecurity

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

We're looking for someone with solid expertise in GRC frameworks, risk assessment methodologies, and compliance standards. You'll leverage this knowledge to: 1.

Technical Tools

cybersecurity

We're looking for someone with solid expertise in GRC frameworks, risk assessment methodologies, and compliance standards. You'll leverage this knowledge to:

1. Design, implement, and maintain robust governance, risk, and compliance processes, ensuring adherence to healthcare security standards including HIPAA, HITRUST, and SOC2.

2. Collaborate cross-functionally with various teams to align GRC solutions with organizational security requirements, facilitating compliant and efficient operations across the enterprise.

3. Drive impactful compliance outcomes that directly strengthen our regulatory posture and support our critical security attestation initiatives.

Your ability to partner effectively across teams will be crucial in this role as we continue to mature our GRC capabilities.

Working cross-functionally to design, build, and operate GRC solutions that improve and mature our compliance capabilities.

a. Implement and optimize security questionnaire and trust assessment workflows

b. Develop automated compliance monitoring and reporting mechanisms

c. Design scalable GRC processes that support business growth

Leveraging data and risk analytics to understand compliance trends, metrics, and opportunities to improve our security posture, researching regulatory requirements, and then making recommendations to address compliance gaps with stakeholders.

a. Analyze security assessment results and third-party risk evaluations

b. Track and report on key risk indicators and compliance metrics

c. Research emerging GRC requirements and industry best practices

Supporting and enhancing incident/issues response efforts from a compliance perspective, contributing to analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and regulatory adherence

a. Assess compliance implications of security incidents

b. Support breach notification and regulatory reporting requirements

c. Coordinate with legal and compliance teams on incident response

Helping craft and refine GRC documentation pertinent to our Security Program, such as policies, standards, risk assessments, and compliance procedures

a. Maintain security questionnaire response repository and knowledge base

b. Develop and update GRC policies, procedures, and control documentation

c. Create compliance training materials and guidance documents

BS / BTech (or higher) in Computer Science, Information Technology, Cybersecurity or a related field.

2+ years combined experience as a security or GRC professional in an enterprise environment (preferably healthcare or highly regulated industry).

Experience in Governance, Risk, and Compliance functions, including hands-on experience with GRC frameworks (SOC2, HIPAA, HITRUST, NIST).

Domain Specific KSAs - Governance, Risk, and Compliance (GRC):

Knowledge of GRC frameworks and regulations (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA, NIST, ISO 27001).

Skilled in leveraging GRC platforms (e.g., Vanta, OneTrust) to automate compliance and streamline controls monitoring.

Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.