
Senior Security Engineer - Compliance And Risk

K Health, New York, NY


Overview

  • Schedule: Full-time
  • Career level: Senior-level
  • Remote: Hybrid remote
  • Benefits: Health Insurance, Dental Insurance, Vision Insurance

Job Description

About the role:

We are seeking a detail-oriented, proactive Security Compliance Engineer to join our Security team.

In this role, you will not just check boxes; you will own the governance and compliance lifecycle for critical security programs and, in many cases, be actively involved in implementation and remediation. You will ensure that our vulnerability management, privacy, data retention, and business continuity efforts meet the rigorous standards of SOC 2, HIPAA, and HITRUST, protecting our sensitive healthcare data and maintaining trust with our partners.

What you will do:

Vulnerability Management Governance

  • Oversee the compliance aspect of the vulnerability management program, ensuring scans and remediation efforts adhere to SLAs.
  • Track and report on remediation timelines to ensure evidence is audit-ready.
  • Collaborate with engineering and IT teams to validate that exceptions are documented, risk-accepted, and reviewed periodically.
  • Manage and handle "tracking technologies" to comply with partner requirements.

Privacy & Data Governance

  • Manage adherence to internal privacy policies and external regulations (HIPAA, State Laws, CCPA).
  • Manage adherence to partner-specific health system requirements.
  • Monitor data retention schedules to ensure data is stored, archived, and purged in accordance with policy and legal requirements.
  • Conduct periodic privacy impact assessments (PIAs) for new products or features.

Disaster Recovery (DR) & Business Continuity (BCP)

  • Coordinate annual or bi-annual DR/BCP table-top exercises and technical tests.
  • Maintain and update DR/BCP documentation, ensuring contact lists and recovery procedures are current.
  • Review post-mortem reports from tests to ensure continuous improvement and compliance with availability trust principles.

Audit & Framework Management (SOC 2 & HITRUST)

  • Serve as a primary point of contact for external auditors during SOC 2 and HITRUST assessments.
  • Collect, organize, and review evidence on the controls for the programs above.
  • Identify compliance gaps and drive remediation projects before external audits begin.

AI/ML in healthcare and emerging federal and state AI regulations

What we're looking for:

  • Experience: 3-5+ years of experience in Information Security, Governance, Risk, Vulnerability Management, Compliance (GRC), or IT Audit.
  • Program Management: Proven experience managing specific compliance verticals like vulnerability management or business continuity.
  • Communication: Ability to translate compliance requirements into actionable technical tasks for engineering teams.
  • Organization: Exceptional documentation skills; you understand that "if it isn't written down, it didn't happen."
  • Influence: Ability to drive consensus and compliance across teams without direct management authority.

Benefits & Perks:

  • Hybrid work schedule with weekly lunches and stocked fridges
  • Monthly social committees for company events
  • 18 vacation days, 9 company holidays, 5 sick days, and 2 personal days
  • Stock options for every full-time employee
  • Paid parental leave
  • 401k benefit
  • Commuter Benefits
  • Competitive health, dental, and vision insurance options


FAQs About Senior Security Engineer - Compliance And Risk Jobs at K Health

What is the work location for this position at K Health?
This job at K Health is located in New York, NY, according to the details provided by the employer. Some roles may also include multiple work locations depending on the requirement.
What pay range can candidates expect for this role at K Health?
Employer has not shared pay details for this role.
What employment type applies to this position at K Health?
K Health lists this role as a Full-time position.
What experience level is required for this role at K Health?
K Health is looking for a candidate with "Senior-level" experience level.
What benefits are offered by K Health for this role?
K Health offers the following benefits for this position: Health Insurance, Dental Insurance, Vision Insurance, Paid Holidays, Paid Vacation, Paid Sick Leave, Parental and Family Leave, and 401k Matching/Retirement Savings. Actual benefits may vary depending on the employer's policies and employment terms.
What is the process to apply for this position at K Health?
You can apply for this role at K Health either through Sonara's automated application system, which helps you submit applications 10X faster with minimal effort, or by applying manually using the direct link on the job page.