GRC Engineer

Charlie Health
$130,000 - $175,000

About The Position

The GRC Engineer is responsible for transforming Charlie Health’s compliance, risk and control programs into automated, measurable and continuously monitored systems. This is a hands-on engineering role focused on building the technical foundations that support HIPAA, SOC 2, NIST and other compliance requirements. This role will partner closely with Information Security, IT Engineering, Compliance, Legal, Engineering and business teams to translate regulatory, contractual and risk requirements into automated controls, evidence pipelines, dashboards, workflows and continuous control monitoring.

Our Information Security and IT organizations treat compliance as an engineering discipline. We value ownership, automation, measurable outcomes, reliability, auditability and continuous improvement. The GRC Engineer will help move Charlie Health from manual, point-in-time compliance activities toward scalable, system-driven assurance.

Charlie Health operates in a highly regulated healthcare environment. This role will help ensure that controls protecting patient, clinician, employee and company data are well-designed, consistently operated and supported by reliable evidence.

Requirements

  • 5+ years of experience in GRC engineering, security engineering, compliance automation, IT risk, security operations, cloud security, infrastructure engineering or a related technical discipline
  • Hands-on experience translating compliance, risk or security requirements into technical controls, workflows or automations
  • Experience with frameworks such as HIPAA, SOC 2, NIST, ISO 27001, HITRUST, PCI or FedRAMP
  • Experience working with enterprise systems such as Okta, Google Workspace, AWS, Jamf, Intune, SentinelOne, Wiz, Jira, Confluence, Slack or similar platforms
  • Experience using APIs, scripting or workflow automation tools such as Python, Bash, PowerShell, Workato, Terraform, REST APIs, webhooks or JSON
  • Experience with audit evidence collection, control testing, remediation tracking or compliance reporting
  • Familiarity with GRC platforms, compliance automation tools, ticketing systems or control monitoring systems
  • Strong understanding of access control, endpoint security, cloud security, logging, vulnerability management and data protection concepts
  • Ability to work cross-functionally with Security, IT Engineering, Compliance, Legal and business stakeholders
  • Strong analytical thinking, ownership and ability to operate independently in ambiguous environments

Nice To Haves

  • Experience in healthcare or other regulated environments
  • Experience supporting HIPAA, SOC 2, NIST, HITRUST, ISO 27001 or similar programs
  • Experience building automated evidence pipelines or continuous control monitoring capabilities
  • Experience with GRC or compliance automation platforms such as Vanta, Drata, Secureframe, AuditBoard, Archer, ServiceNow GRC or similar tools
  • Experience with data analytics, dashboards, SQL, BI tools or control reporting
  • Experience supporting customer security reviews, vendor assessments or audit response workflows
  • Experience with AI governance, AI risk management, LLM platforms or AI-enabled compliance automation
  • Familiarity with Zero Trust principles and identity-centric security models

Responsibilities

  • Design, build and operate automated controls that support HIPAA, SOC 2, NIST, ISO 27001 and other applicable frameworks
  • Translate compliance requirements into technical control logic, workflows, integrations, dashboards and evidence pipelines
  • Build scalable systems that reduce manual compliance work and improve confidence in control effectiveness
  • Partner with Security, IT, Compliance and Engineering teams to embed control requirements into systems and operating processes
  • Build and maintain continuous control monitoring capabilities across identity, endpoints, cloud, SaaS platforms, security tools and business systems
  • Define control health metrics, thresholds, alerts and reporting mechanisms
  • Identify control gaps, exceptions and drift, then partner with control owners to drive remediation
  • Improve visibility into the design, operation and effectiveness of key controls
  • Automate audit evidence collection across systems such as Okta, Google Workspace, Jamf, Intune, SentinelOne, Wiz, AWS, Jira, Confluence, Slack and GRC platforms
  • Build repeatable evidence workflows that support HIPAA, SOC 2, customer due diligence, vendor assessments and internal risk reviews
  • Improve the quality, consistency and traceability of audit evidence
  • Partner with Compliance, Legal and external auditors to reduce audit burden and improve readiness
  • Configure and improve GRC platforms, compliance tools, ticketing systems, documentation repositories and reporting workflows
  • Build integrations between GRC systems and source systems of record using APIs, webhooks, scripts and workflow automation tools
  • Develop dashboards and reports that show control health, remediation status, audit readiness and risk trends
  • Maintain documentation for control logic, data sources, automations and operational procedures
  • Support risk and control assessments by providing technical analysis, control evidence and remediation tracking
  • Build workflows for risk acceptance, exception management, corrective action plans and control remediation
  • Partner with control owners to ensure findings are tracked, prioritized and resolved
  • Help define metrics that measure risk reduction, compliance maturity and control reliability
  • Help evaluate how AI tools, LLM platforms and AI-enabled workflows affect compliance, privacy and security requirements
  • Support governance controls for enterprise AI adoption, including access, logging, data protection, review workflows and evidence collection
  • Identify opportunities to use automation and AI responsibly to improve GRC operations
  • Stay current on emerging approaches to compliance automation, continuous assurance and AI-enabled GRC

Benefits

  • Comprehensive benefits to all full-time employees