Security Engineer II; GRC), Remote

Overview

We re looking for someone with solid expertise in GRC frameworks, risk assessment methodologies, and compliance standards. You ll leverage this knowledge to:

1. Design, implement, and maintain robust governance, risk, and compliance processes, ensuring adherence to healthcare security standards including HIPAA, HITRUST, and SOC
2.

2. Collaborate cross-functionally with various teams to align GRC solutions with organizational security requirements, facilitating compliant and efficient operations across the enterprise.

3. Drive impactful compliance outcomes that directly strengthen our regulatory posture and support our critical security attestation initiatives.

Your ability to partner effectively across teams will be crucial in this role as we continue to mature our GRC capabilities.

• Working cross-functionally to design, build, and operate GRC solutions that improve and mature our compliance capabilities.
• a. Implement and optimize security questionnaire and trust assessment workflows
• b. Develop automated compliance monitoring and reporting mechanisms
• c. Design scalable GRC processes that support business growth

• Leveraging data and risk analytics to understand compliance trends, metrics, and opportunities to improve our security posture, researching regulatory requirements, and then making recommendations to address compliance gaps with stakeholders.
• a. Analyze security assessment results and third-party risk evaluations
• b. Track and report on key risk indicators and compliance metrics
• c. Research emerging GRC requirements and industry best practices

• Supporting and enhancing incident/issues response efforts from a compliance perspective, contributing to analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and regulatory adherence
• a. Assess compliance implications of security incidents
• b. Support breach notification and regulatory reporting requirements
• c. Coordinate with legal and compliance teams on incident response

• Helping craft and refine GRC documentation pertinent to our Security Program, such as policies, standards, risk assessments, and compliance procedures
• a. Maintain security questionnaire response repository and knowledge base
• b. Develop and update GRC policies, procedures, and control documentation
• c. Create compliance training materials and guidance documents

• BS / BTech (or higher) in Computer Science, Information Technology, Cybersecurity or a related field.
• 2+ years combined experience as a security or GRC professional in an enterprise environment (preferably healthcare or highly regulated industry).
• Experience in Governance, Risk, and Compliance functions, including hands-on experience with GRC frameworks (SOC2, HIPAA, HITRUST, NIST).

• Domain Specific KSAs - Governance, Risk, and Compliance (GRC):
• Knowledge of GRC frameworks and regulations (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA, NIST, ISO 27001).
• Skilled in leveraging GRC platforms (e.g., Vanta, One Trust) to automate compliance and streamline controls monitoring.

• Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.

Aledade, a public benefit corporation, exists to empower the most transformational part of our health care landscape - independent primary care. We were founded in 2014, and since then, we ve become the largest network of independent primary care in the country - helping practices, health centers and clinics deliver better care to their patients and thrive in value-based care. Additionally, by creating value-based contracts across a wide variety of health plans, we aim to flip the script on the traditional fee-for-service model.

Our work strengthens continuity of care, aligns incentives and ensures primary care physicians are paid for what they do best - keeping patients healthy. If you want to help create a health care system that is good for patients, good for practices and good for society - and if you re eager to join a collaborative, inclusive and remote-first culture - you ve come to the right place.

At Aledade, you will be part of a creative culture that is driven by a passion for tackling complex issues with respect, open-mindedness and a desire to learn. You will collaborate with team members who bring a wide range of experiences, interests, backgrounds, beliefs and achievements to their work - and who are all united by a shared passion for public health and a commitment to the Aledade mission.

In addition to time off to support work-life balance and enjoyment, we offer the following comprehensive benefits package designed for the overall well-being of our team members:

Flexible work schedules and the ability to work remotely are available for many roles

Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners

Robust time-off plan…