Security Engineer II (GRC), Remote at Aledade
Work type: remote
Location: Remote, United States
Type: Full-time
Summary
**Who this is for** A detail-oriented security professional with a strong foundation in Governance, Risk, and Compliance (GRC) and a passion for maturing security postures in regulated industries.
**Key highlights** You will design and implement GRC solutions, manage security assessments, and ensure the enterprise remains compliant with key regulatory requirements like HIPAA and HITRUST.
**You might be a good fit if you...**
- Have 2+ years of experience in security or GRC within a regulated environment.
- Are well-versed in frameworks such as SOC 2, HIPAA, HITRUST, and NIST.
- Have hands-on experience using GRC automation tools like Vanta or OneTrust.
- Demonstrate excellent ability to communicate compliance implications to cross-functional teams.
Job Description
We're looking for someone with solid expertise in GRC frameworks, risk assessment methodologies, and compliance standards. You'll leverage this knowledge to:
1. Design, implement, and maintain robust governance, risk, and compliance processes, ensuring adherence to healthcare security standards including HIPAA, HITRUST, and SOC2.
2. Collaborate cross-functionally with various teams to align GRC solutions with organizational security requirements, facilitating compliant and efficient operations across the enterprise.
3. Drive impactful compliance outcomes that directly strengthen our regulatory posture and support our critical security attestation initiatives.
Your ability to partner effectively across teams will be crucial in this role as we continue to mature our GRC capabilities.
## Primary Duties:
- Working cross-functionally to design, build, and operate GRC solutions that improve and mature our compliance capabilities.
- a. Implement and optimize security questionnaire and trust assessment workflows
- b. Develop automated compliance monitoring and reporting mechanisms
- c. Design scalable GRC processes that support business growth
- Leveraging data and risk analytics to understand compliance trends, metrics, and opportunities to improve our security posture, researching regulatory requirements, and then making recommendations to address compliance gaps with stakeholders.
- a. Analyze security assessment results and third-party risk evaluations
- b. Track and report on key risk indicators and compliance metrics
- c. Research emerging GRC requirements and industry best practices
- Supporting and enhancing incident/issues response efforts from a compliance perspective, contributing to analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and regulatory adherence
- a. Assess compliance implications of security incidents
- b. Support breach notification and regulatory reporting requirements
- c. Coordinate with legal and compliance teams on incident response
- Helping craft and refine GRC documentation pertinent to our Security Program, such as policies, standards, risk assessments, and compliance procedures
- a. Maintain security questionnaire response repository and knowledge base
- b. Develop and update GRC policies, procedures, and control documentation
- c. Create compliance training materials and guidance documents
## Minimum Qualifications:
- BS / BTech (or higher) in Computer Science, Information Technology, Cybersecurity or a related field.
- 2+ years combined experience as a security or GRC professional in an enterprise environment (preferably healthcare or highly regulated industry).
- Experience in Governance, Risk, and Compliance functions, including hands-on experience with GRC frameworks (SOC2, HIPAA, HITRUST, NIST).
## Preferred Knowledge, Skills and/or Abilities:
- Domain Specific KSAs - Governance, Risk, and Compliance (GRC):
- Knowledge of GRC frameworks and regulations (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA, NIST, ISO 27001).
- Skilled in leveraging GRC platforms (e.g., Vanta, OneTrust) to automate compliance and streamline controls monitoring.
## Physical Requirements:
- Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.