Ro is a direct-to-patient healthcare company focused on delivering effective care through a vertically integrated platform. The Sr. GRC Engineer will be a key member of the GRC team, responsible for managing compliance platforms, performing risk assessments, and supporting audits to ensure ongoing compliance with various frameworks.
Responsibilities:
- Serve as both a risk practitioner and automation engineer. Automate everything
- Own and maintain the compliance platform (Vanta), including control mapping, evidence collection, continuous monitoring, and audit workflows
- Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion
- Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks
- Partner with Security, IT, Infrastructure, and Engineering teams to ensure technical and administrative controls align with documented policies and compliance requirements
- Support internal and external audits (SOC 2, HIPAA, HITRUST)
- Own and maintain the cyber risk register, collaborating with risk owners to quantify risks and develop remediation plans
- Develop and maintain risk reporting, metrics, and executive summaries with BI tools (Looker, Hex, etc.)
Requirements:
- 5+ years of combined experience across governance, risk, compliance, security engineering, or adjacent technical roles, including hands-on experience working with compliance frameworks such as SOC 2, HIPAA, HITRUST, NIST, and PCI in modern, technology-driven environments
- 3+ years of experience with ongoing compliance operations, with demonstrated progression from manual evidence collection to automated, continuously monitored controls
- 2+ years of hands-on experience implementing and administering continuous compliance and evidence automation platforms (e.g., Vanta, Drata, SecureFrame), including configuring and creating custom integrations as well as optimizing automated evidence workflows
- Working knowledge of cloud computing platforms (AWS, Azure, GCP) and how their native services and configurations support security and compliance requirements
- Expertise in using Looker (or a similar BI tool, such as Hex) to create dashboards, generate reports, and visualize GRC data for stakeholders, with a focus on simplifying complex data into actionable insights
- Ability to automate data ingestion, transformation, and reporting using scripting or programmatic approaches (e.g., Python, JavaScript, APIs, Tines)
- Strong analytical and root cause analysis skills
- Kindness and an ability to communicate with all levels of the organization
- Advanced GRC automation and engineering mindset (custom automations or workflows beyond out-of-the-box compliance tools)