Security Engineer - GRC (Governance, Risk & Compliance)

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Compliance, Risk Management, or related field, or equivalent work experience.
• 3+ years of experience in information security, GRC, or a technical compliance role.
• Hands-on experience with a GRC platform such as Vanta, Drata, Tugboat Logic, ServiceNow GRC, Archer or similar.
• Working knowledge of SOC 2 Trust Service Criteria and HITRUST CSF control requirements.
• Familiarity with cloud environments (AWS or Azure) sufficient to understand integration points and relevant compliance controls.
• Experience with API integrations, webhooks, or similar mechanisms for connecting systems to compliance platforms.
• Understanding of common compliance evidence types and audit workflows for security certifications.
• Familiarity with healthcare compliance requirements, particularly HIPAA Security Rule.
• Strong organizational skills for managing multiple compliance workstreams simultaneously.
• Clear written communication for policy documentation, control narratives, and cross-functional stakeholder engagement.

Nice To Haves

• Direct experience administering Vanta, including custom integrations and automated test configuration.
• Scripting experience (Python, JavaScript, or Bash) for GRC automation or API-based integrations.
• Security certifications such as CISA, CISM, CompTIA Security+, or CISSP.
• Exposure to additional compliance frameworks such as NIST CSF, ISO 27001, FedRAMP, or state-level healthcare regulations.
• Experience supporting compliance programs across multiple legal entities or in a post-merger integration environment.
• Familiarity with identity governance tools, MDM platforms, or cloud security posture management (CSPM) tools and their compliance integration points.
• Experience with customer-facing trust center management or security assurance programs.

Responsibilities

• Configure, administer, and continuously improve Machinify’s Vanta GRC platform across all organizational entities.
• Build and maintain Vanta integrations with cloud environments (AWS, Azure), identity providers, endpoint management tools, HR systems, and other compliance-relevant data sources.
• Automate evidence collection workflows to reduce manual effort for HITRUST r2, SOC 2 Type II, and other certification cycles.
• Develop and maintain custom tests, policies, and controls within Vanta to reflect Machinify’s specific compliance requirements and risk posture.
• Monitor control health dashboards and manage remediation workflows for failing or at-risk controls.
• Manage the Vanta vendor risk module, including questionnaire automation and third-party assessment workflows.
• Support access review automation through Vanta, ensuring timely completion and accurate documentation.
• Maintain and improve GRC platform documentation including integration configurations, data flows, and control mapping.
• Evaluate and implement new Vanta capabilities as the platform evolves, including AI-assisted compliance features.
• Support HITRUST r2 and SOC 2 Type II audit activities through evidence preparation, auditor portal management, and issue tracking.
• Assist with customer security questionnaire responses by leveraging Vanta’s trust center and evidence library.
• Contribute to third-party risk assessments by coordinating vendor security reviews and maintaining assessment records.
• Help develop and maintain security policies and procedures aligned with HITRUST and SOC 2 requirements.
• Support the risk register by maintaining risk records, tracking remediation actions, and producing risk reporting.
• Participate in security awareness program activities including content development and training delivery tracking.
• Assist with regulatory documentation requirements including HIPAA privacy and security program documentation.
• Collaborate with the Security Engineering team to ensure technical controls are properly reflected in the GRC platform.

Benefits

• Work from anywhere in the US!
• Top Medical/Dental/Vision offerings
• FSA/HSA
• Tuition reimbursement
• Competitive salary
• 401(k) with company match
• Additional health and wellness benefits and perks
• Flexible and trusting environment where you’ll feel empowered to do your best work