Machinify is a leading healthcare intelligence company focused on delivering value and efficiency to health plan clients. The Security Engineer will play a critical role in configuring and integrating Machinify's GRC platform (Vanta) to support compliance management and risk program operations.
Responsibilities:
- Configure, administer, and continuously improve Machinify’s Vanta GRC platform across all organizational entities
- Build and maintain Vanta integrations with cloud environments (AWS, Azure), identity providers, endpoint management tools, HR systems, and other compliance-relevant data sources
- Automate evidence collection workflows to reduce manual effort for HITRUST r2, SOC 2 Type II, and other certification cycles
- Develop and maintain custom tests, policies, and controls within Vanta to reflect Machinify’s specific compliance requirements and risk posture
- Monitor control health dashboards and manage remediation workflows for failing or at-risk controls
- Manage the Vanta vendor risk module, including questionnaire automation and third-party assessment workflows
- Support access review automation through Vanta, ensuring timely completion and accurate documentation
- Maintain and improve GRC platform documentation including integration configurations, data flows, and control mapping
- Evaluate and implement new Vanta capabilities as the platform evolves, including AI-assisted compliance features
- Support HITRUST r2 and SOC 2 Type II audit activities through evidence preparation, auditor portal management, and issue tracking
- Assist with customer security questionnaire responses by leveraging Vanta’s trust center and evidence library
- Contribute to third-party risk assessments by coordinating vendor security reviews and maintaining assessment records
- Help develop and maintain security policies and procedures aligned with HITRUST and SOC 2 requirements
- Support the risk register by maintaining risk records, tracking remediation actions, and producing risk reporting
- Participate in security awareness program activities including content development and training delivery tracking
- Assist with regulatory documentation requirements including HIPAA privacy and security program documentation
- Collaborate with the Security Engineering team to ensure technical controls are properly reflected in the GRC platform
Requirements:
- Bachelor's degree in Information Security, Computer Science, Compliance, Risk Management, or related field, or equivalent work experience
- 3+ years of experience in information security, GRC, or a technical compliance role
- Hands-on experience with a GRC platform such as Vanta, Drata, Tugboat Logic, ServiceNow GRC, Archer, or similar
- Working knowledge of SOC 2 Trust Service Criteria and HITRUST CSF control requirements
- Familiarity with cloud environments (AWS or Azure) sufficient to understand integration points and relevant compliance controls
- Experience with API integrations, webhooks, or similar mechanisms for connecting systems to compliance platforms
- Understanding of common compliance evidence types and audit workflows for security certifications
- Familiarity with healthcare compliance requirements, particularly HIPAA Security Rule
- Strong organizational skills for managing multiple compliance workstreams simultaneously
- Clear written communication for policy documentation, control narratives, and cross-functional stakeholder engagement
- Direct experience administering Vanta, including custom integrations and automated test configuration
- Scripting experience (Python, JavaScript, or Bash) for GRC automation or API-based integrations
- Security certifications such as CISA, CISM, CompTIA Security+, or CISSP
- Exposure to additional compliance frameworks such as NIST CSF, ISO 27001, FedRAMP, or state-level healthcare regulations
- Experience supporting compliance programs across multiple legal entities or in a post-merger integration environment
- Familiarity with identity governance tools, MDM platforms, or cloud security posture management (CSPM) tools and their compliance integration points
- Experience with customer-facing trust center management or security assurance programs