Security Engineer II (GRC), Remote

Job Description

Primary Duties:

Customer Trust & Enablement: Manage the end-to-end lifecycle of inbound security questionnaires from partner physician practices. Ensure responses are technically accurate, timely, and reflect our latest security posture.

Third-Party Risk Management (TPRM): Lead security evaluations for Aledade’s vendors. Analyze SOC2 reports, penetration test results, and self-assessments to ensure our supply chain meets our rigorous healthcare security standards.

Knowledge Base Mastery: Maintain and optimize our security response repository. You’ll ensure our "Source of Truth" is updated as our infrastructure evolves

Process Optimization: Identify bottlenecks in the assessment workflow and implement scalable solutions, such as self-service "Trust Centers" for partners, to reduce the manual overhead of the GRC function.

Minimum Qualifications:

3 - 5 years of experience in Governance, Risk, and Compliance, Information Security or related fields.

Practical experience working with SOC2, HIPAA, SOX/ITGC, HITRUST, and CPRA.

Demonstrated experience preparing organizations for external audits and regulatory certifications.

Hands-on experience with GRC platforms (e.g., Vanta, OneTrust, Archer, or similar).

Preferred Knowledge, Skills and/or Abilities:

Knowledge of GRC frameworks and regulations (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA, NIST, ISO 27001).

Skilled in leveraging GRC platforms (e.g., Vanta, OneTrust) to automate compliance and streamline controls monitoring.

Physical Requirements:

Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.