18 hours ago

Security Engineer GRC

Aledade, Inc.

Hybrid
Full Time
$130,000

Job Overview

Job Title: Security Engineer GRC
Job Type: Full Time
Offered Salary: $130,000
Location: Hybrid

Job Description

Security Engineer GRC at Aledade, Inc.

Aledade, Inc. is actively seeking a Security Engineer GRC with a strong background in governance, risk, and compliance frameworks. In this pivotal role, you will be instrumental in designing, implementing, and maintaining robust GRC processes, ensuring strict adherence to critical healthcare security standards like HIPAA, HITRUST, and SOC2.

You will collaborate extensively with various internal teams to align GRC solutions with the organization's security requirements, fostering compliant and efficient operations across the enterprise. A key aspect of this position involves driving impactful compliance outcomes that directly enhance Aledade's regulatory posture and support essential security attestation initiatives. Your ability to partner effectively across teams is crucial as the company continues to mature its GRC capabilities.

Primary Duties

  • Working cross-functionally to design, build, and operate GRC solutions that improve and mature our compliance capabilities.
    • Implement and optimize security questionnaire and trust assessment workflows.
    • Develop automated compliance monitoring and reporting mechanisms.
    • Design scalable GRC processes that support business growth.
  • Leveraging data and risk analytics to understand compliance trends, metrics, and opportunities to improve our security posture, researching regulatory requirements, and then making recommendations to address compliance gaps with stakeholders.
    • Analyze security assessment results and third-party risk evaluations.
    • Track and report on key risk indicators and compliance metrics.
    • Research emerging GRC requirements and industry best practices.
  • Supporting and enhancing incident/issues response efforts from a compliance perspective, contributing to analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and regulatory adherence.
    • Assess compliance implications of security incidents.
    • Support breach notification and regulatory reporting requirements.
    • Coordinate with legal and compliance teams on incident response.
  • Helping craft and refine GRC documentation pertinent to our Security Program, such as policies, standards, risk assessments, and compliance procedures.
    • Maintain security questionnaire response repository and knowledge base.
    • Develop and update GRC policies, procedures, and control documentation.
    • Create compliance training materials and guidance documents.

Minimum Qualifications

  • BS / BTech (or higher) in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 2+ years combined experience as a security or GRC professional in an enterprise environment (preferably healthcare or highly regulated industry).
  • Experience in Governance, Risk, and Compliance functions, including hands-on experience with GRC frameworks (SOC2, HIPAA, HITRUST, NIST).

Preferred Knowledge, Skills and/or Abilities

  • Domain Specific KSAs - Governance, Risk, and Compliance (GRC):
    • Knowledge of GRC frameworks and regulations (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA, NIST, ISO 27001).
    • Skilled in leveraging GRC platforms (e.g., Vanta, OneTrust) to automate compliance and streamline controls monitoring.

Who We Are

Aledade, a public benefit corporation founded in 2014, empowers independent primary care practices by helping them deliver better care to patients and thrive in value-based care models. We are the largest network of independent primary care in the country, aiming to flip the script on the traditional fee-for-service model and ensure primary care physicians are compensated for keeping patients healthy. Join our collaborative, inclusive, and remote-first culture to help create a healthcare system that benefits patients, practices, and society.

What This Means for You

At Aledade, you will be part of a creative culture that values tackling complex issues with respect, open-mindedness, and a desire to learn. You'll collaborate with a diverse team united by a passion for public health and a commitment to the Aledade mission.

Benefits

In addition to flexible work schedules and remote options for many roles, Aledade offers a comprehensive benefits package designed for overall team member well-being:

  • Health, dental, and vision insurance paid up to 80% for employees, dependents, and domestic partners.
  • Robust time-off plan (21 days of PTO in your first year), two paid volunteer days, and 11 paid holidays.
  • 12 weeks paid parental leave for all new parents.
  • Six weeks paid sabbatical after six years of service.
  • Educational Assistant Program and Clinical Employee Reimbursement Program.
  • 401(k) with up to 4% match.
  • Stock options.
  • And much more!

Key skills/competency

  • GRC Frameworks (SOC2, HIPAA, HITRUST, NIST)
  • Risk Assessment
  • Compliance Monitoring
  • Data Analytics
  • GRC Platforms (Vanta, OneTrust)
  • Cross-functional Collaboration
  • Incident Response (Compliance)
  • Policy Development
  • Regulatory Reporting
  • Security Attestation

Tags:

Security Engineer GRC
GRC
Compliance
Risk Management
Security
HIPAA
HITRUST
SOC2
NIST
Policy
Documentation
Vanta
OneTrust
Security Frameworks
Data Analytics
Automated Compliance
Reporting Tools
Risk Assessment Software
ITGC

How to Get Hired at Aledade, Inc.

  • Research Aledade's culture: Study their mission as a public benefit corporation, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Highlight GRC expertise: Emphasize hands-on experience with critical GRC frameworks such as SOC2, HIPAA, HITRUST, and NIST in your resume and interviews.
  • Showcase healthcare compliance experience: Tailor your application to demonstrate familiarity with regulatory requirements in highly regulated industries, especially healthcare.
  • Prepare for collaborative questions: Be ready to discuss examples of successful cross-functional partnerships and how you align security and compliance with business needs.
  • Connect to Aledade's mission: Articulate how your skills as a Security Engineer GRC will contribute to Aledade's goal of empowering independent primary care.
