Senior GRC Engineer

Lantern is the specialty care platform connecting people with the best care when they need it most. By curating a Network of Excellence comprised of the nation's top specialists for surgery, cancer care, infusions and more, Lantern delivers excellent care with significant cost savings to employers and their workforces. Lantern also pairs members with a dedicated care team, including Care Advocates and nurses, for the entirety of their care journey, helping them get back to good health, back to their families and back to work. With convenient access to specialists nationwide, Lantern means quality care is within driving distance for most. Lantern is trusted by the nation's largest employers to deliver care to more than 6 million members across the country. Learn more about us at lanterncare.com. 

• You use LOGIC in your decision making and understand that progress is critical to making change. You focus on the execution of your content while balancing a fast-paced environment and you take the time to celebrate both the small & big wins. 
• INCLUSION is a core tenant of your personal beliefs. A diverse and inclusive environment is incredibly important to you. You understand and desire to be a part of a diverse team with different experiences and perspectives & you cherish the differences in each individual that you interact with.
• You have the GRIT, drive and ambition to tackle big problems. Big problems require big ideas and a team that supports new ideas. 
• You care deeply for your customers are driven to keep HUMANITY in all decisions. Your customers aren’t just the individuals using your product. They are the driving factor in your motivation to make a change.
• Integrity guides you in life. Focusing on the TRUTH vs. giving people the answers they want to hear. 
• You thrive in a Team Environment. Collaboration is key in innovation and creating change.

These pillars of LIGHT are a reminder to our team that we are making a difference by providing guidance and support in navigating the often complex and confusing landscape of healthcare. We hope that through this LIGHT, individuals can find their way to the best care, resources, and support they need to get back to life. 

If this sounds like you, we would love to connect to speak further about career opportunities at Lantern.

Please apply to our role & someone from our Talent Acquisition Team will reach out to help you navigate our interview process.

Lantern is seeking a Senior GRC Engineer to join our GRC team as a key individual contributor. This role is built specifically for someone who builds compliance infrastructure, not just manages it. You will report to the Sr. GRC Manager and work at the intersection of security engineering, AI governance, and healthcare compliance across our benefits platform.

This is not a checkbox compliance role. We are deploying AI across our platform to improve how members access specialty care, and we need a GRC engineer who writes code to solve compliance problems, builds automation that eliminates manual evidence collection, and can govern the AI systems we are actively deploying. If you think in systems, reach for Python before a spreadsheet, and want to shape what a modern GRC function looks like, this role was built for you.

Location: Hybrid - at least 4 days/wk in our Dallas, TX offices

Responsibilities: 

• Write scripts (Python, SQL, APIs) to pull evidence directly from source systems (AWS, Azure, IAM platforms, endpoint agents, CI/CD pipelines), eliminating manual evidence collection
• Build and maintain continuous control monitoring workflows integrated into engineering pipelines, not just GRC platforms
• Design compliance-as-code and policy-as-code approaches; own the technical architecture of how controls are tested automatically
• Operate and extend the GRC platform (ServiceNow GRC, Drata, OneTrust, or equivalent) as an engineer, not just a user, including building integrations and automating evidence routing

• Build and maintain Lantern’s AI risk register and AI systems inventory, including pre-deployment risk assessments for new AI use cases across our benefits platform in partnership with Engineering and Product
• Implement AI governance controls aligned to the NIST AI RMF, covering model risk, bias, transparency, and accountability, with a bias toward automated monitoring over manual review
• Monitor HHS AI policy, EU AI Act, and state-level regulation; translate emerging requirements into actionable, automatable controls
• Govern AI systems used within the GRC function itself, including any LLM-powered evidence analysis or control monitoring tools

• Own the HIPAA Privacy and Security compliance program: risk assessments, remediation tracking, workforce training coordination, and ongoing monitoring
• Support HITRUST CSF certification and SOC 2 Type II audit cycles as a technical contributor, building automated evidence pipelines rather than collecting evidence manually
• Map the control environment against NIST CSF; identify gaps and build a prioritized, automatable remediation roadmap

• Build and maintain the enterprise risk register with automated KRI tracking and outcome-based reporting for leadership
• Run the third-party risk management (TPRM) program with a continuous monitoring posture: automated vendor monitoring rather than point-in-time assessments
• Conduct vendor risk assessments with emphasis on cloud vendors handling PHI and AI/ML vendors embedding models into products we purchase

• 5+ years in GRC, information security, or compliance engineering, with at least 3 years in healthcare or health-tech
• Demonstrated ability to write code that extracts evidence directly from systems (Azure, IAM, endpoints, APIs), not just configure workflow tools
• Has built something using an LLM or AI framework: a working tool, even a prototype.
• Thinks like an engineer first: sees a manual compliance process and asks how to eliminate it, not how to document it better

• Experience with continuous control monitoring, integrating compliance checks into CI/CD or cloud infrastructure
• Working knowledge of Python, SQL, or equivalent for data extraction, risk scoring, and compliance automation
• Experience with cloud security controls in Azure

• CISA, CRISC, CISM, or CISSP
• HITRUST CCSFP a strong plus

• Build systems, not checklists. Manual processes are temporary; automation is the goal
• Move with urgency and precision, flagging risk before it becomes an issue
• Balance rigor with pragmatism, enabling the organization to move fast while staying protected
• Communicate clearly to both technical and non-technical audiences without losing nuance
• Bring genuine curiosity about AI. Follow the space and have formed opinions
• Embody Lantern’s LIGHT pillars (Logic, Inclusion, Grit, Humanity, Truth) in every interaction