As a Senior Security Engineer I at Aledade, you play a central role in helping secure our enterprise, cloud native environments, and applications. We’re looking for a security GRC engineer who understands that governance, risk, compliance, privacy, data protection, industry frameworks & best practices, and regulatory requirements are important ingredients to our mission.
Beyond GRC and technical expertise, your efforts will support protecting patients, our employees, and Aledade as a whole. Our technology saves lives and improves the mental and physical health of millions of people. At Aledade, we empower primary care physicians with technology to keep their patients healthy, preventing unnecessary hospitalizations.
Primary Duties:
Working cross-functionally to measure & report on risk, achieve & maintain compliance, manage assessments/audits, and contribute to security GRC strategy & advisory efforts
Leveraging data to understand trends, metrics, and opportunities to improve our security posture and then helping execute on those opportunities with stakeholders
Leading and enhancing risk management efforts: spearheading qualitative risk assessments & quantitative risk analysis, taking responsibility for third party risk management (TPRM), participating in Customer Trust, and being involved in mitigation strategies in a cross-functional environment to ensure effective resolution and remediation of security risks / issues
Helping craft and refine security documentation pertinent to our Security Program, such as policies, standards, baselines, and standard operating procedures
Minimum Qualifications:
Bachelor's degree (or higher) in Computer Science, Information Technology, Cybersecurity or a related field, or 6 years of security domain experience without a degree
4+ years combined experience as a GRC specialist in an enterprise environment (preferably cloud) across multiple disciplines
3+ years of relevant work experience in risk reporting, developing & collecting metrics, and working on audits/assessments
2+ years of experience in performing third party risk management activities
Preferred Knowledge, Skills and/or Abilities:
Security specific and/or related certifications (e.g. CISSP, CISA, CRISC, CDPSE, CIPP, GIAC, AWS certifications)
Knowledge of security frameworks, controls, regulations and industry best practices (e.g. NIST, ISO, SOX ITGC, HIPAA, HICP, CCPA/CPRA)
Experience in participating in and leading security GRC projects for a dynamic organization with demonstrated project management skills and driving accountability for meeting deliverables within established timelines
Significant familiarity with metrics (e.g. KRI, KPI, OKR) to measure security team service and program effectiveness & consistency
Experience implementing, refining and managing the utilization of GRC solutions and related technology tools/software
Knowledge & experience in risk quantification (e.g. FAIR) and associated reporting
Solid understanding of enterprise security technology, appliances, and tools
Experience with health-tech systems, like Electronic Health Records, Clinical data, etc.
Knowledge of security technology and relevant security risks, controls, and vulnerabilities
Collaborative work style, ability to develop and maintain effective working relationships both internal and external to the organization
Experience facilitating meetings with high level, cross-functional teams
Exceptional verbal, written and interpersonal communication skills