Aledade, Inc. is a public benefit corporation focused on empowering independent primary care across the healthcare landscape. They are seeking a Security Engineer II (GRC) to design and maintain governance, risk, and compliance processes, ensuring adherence to healthcare security standards and supporting compliance outcomes.
Responsibilities:
- Design, implement, and maintain robust governance, risk, and compliance processes, ensuring adherence to healthcare security standards including HIPAA, HITRUST, and SOC2
- Collaborate cross-functionally with various teams to align GRC solutions with organizational security requirements, facilitating compliant and efficient operations across the enterprise
- Drive impactful compliance outcomes that directly strengthen our regulatory posture and support our critical security attestation initiatives
- Work cross-functionally to design, build, and operate GRC solutions that improve and mature our compliance capabilities
  - Implement and optimize security questionnaire and trust assessment workflows
  - Develop automated compliance monitoring and reporting mechanisms
  - Design scalable GRC processes that support business growth
- Leverage data and risk analytics to understand compliance trends, metrics, and opportunities to improve our security posture; research regulatory requirements; and make recommendations to stakeholders to address compliance gaps
  - Analyze security assessment results and third-party risk evaluations
  - Track and report on key risk indicators and compliance metrics
  - Research emerging GRC requirements and industry best practices
- Support and enhance incident/issue response efforts from a compliance perspective, contributing to analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and regulatory adherence
  - Assess compliance implications of security incidents
  - Support breach notification and regulatory reporting requirements
  - Coordinate with legal and compliance teams on incident response
- Help craft and refine GRC documentation pertinent to our Security Program, such as policies, standards, risk assessments, and compliance procedures
  - Maintain the security questionnaire response repository and knowledge base
  - Develop and update GRC policies, procedures, and control documentation
  - Create compliance training materials and guidance documents
Requirements:
- BS / BTech (or higher) in Computer Science, Information Technology, Cybersecurity or a related field
- 2+ years combined experience as a security or GRC professional in an enterprise environment (preferably healthcare or highly regulated industry)
- Experience in Governance, Risk, and Compliance functions, including hands-on experience with GRC frameworks (SOC2, HIPAA, HITRUST, NIST)
- Knowledge of GRC frameworks and regulations (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA, NIST, ISO 27001)
- Skilled in leveraging GRC platforms (e.g., Vanta, OneTrust) to automate compliance and streamline controls monitoring