<div class="content-intro"><p><span style="color: rgb(0, 0, 0);">Machinify is a leading healthcare intelligence company with expertise across the payment continuum, delivering unmatched value, transparency, and efficiency to health plan clients across the country. Deployed by over 85 health plans, including many of the top 20, and representing more than 270 million lives, Machinify brings together a fully configurable and content-rich, AI-powered platform along with best-in-class expertise. We’re constantly reimagining what’s possible in our industry, creating disruptively simple, powerfully clear ways to maximize financial outcomes and drive down healthcare costs.</span></p></div><div><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><strong>About the Opportunity:</strong></span></p><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">At Machinify, we’re building a robust security program to protect our clients’ sensitive healthcare data and maintain the highest standards of information security. As part of the Security GRC team, you will play a critical technical role in configuring, automating, and integrating Machinify’s GRC platform (Vanta) to support compliance management, audit readiness, and risk program operations across the organization.</span></p><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">As a Security Engineer focused on GRC, you will bridge technical implementation and compliance requirements—helping streamline evidence collection, automate control monitoring, and connect Vanta to Machinify’s infrastructure and tooling. 
This role is well-suited for candidates with a mix of technical aptitude and compliance interest who want to build deep expertise in GRC platform engineering within a complex, multi-entity healthcare environment undergoing active transformation.</span></p><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><strong>What you’ll do:</strong></span></p><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Primary Responsibilities – GRC Platform Engineering & Automation (70% of role):</span></p><ul><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Configure, administer, and continuously improve Machinify’s Vanta GRC platform across all organizational entities</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Build and maintain Vanta integrations with cloud environments (AWS, Azure), identity providers, endpoint management tools, HR systems, and other compliance-relevant data sources</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Automate evidence collection workflows to reduce manual effort for HITRUST r2, SOC 2 Type II, and other certification cycles</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Develop and maintain custom tests, policies, and controls within Vanta to reflect Machinify’s specific compliance requirements and risk posture</span></li><li style="font-family: arial, helvetica, sans-serif; 
font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Monitor control health dashboards and manage remediation workflows for failing or at-risk controls</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Manage the Vanta vendor risk module, including questionnaire automation and third-party assessment workflows</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Support access review automation through Vanta, ensuring timely completion and accurate documentation</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Maintain and improve GRC platform documentation including integration configurations, data flows, and control mapping</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Evaluate and implement new Vanta capabilities as the platform evolves, including AI-assisted compliance features</span></li></ul><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><strong>Supporting GRC Program Responsibilities (30% of role):</strong></span></p><ul><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Support HITRUST r2 and SOC 2 Type II audit activities through evidence preparation, auditor portal management, and issue 
tracking</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Assist with customer security questionnaire responses by leveraging Vanta’s trust center and evidence library</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Contribute to third-party risk assessments by coordinating vendor security reviews and maintaining assessment records</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Help develop and maintain security policies and procedures aligned with HITRUST and SOC 2 requirements</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Support the risk register by maintaining risk records, tracking remediation actions, and producing risk reporting</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Participate in security awareness program activities including content development and training delivery tracking</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Assist with regulatory documentation requirements including HIPAA privacy and security program documentation</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span 
style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Collaborate with the Security Engineering team to ensure technical controls are properly reflected in the GRC platform</span></li></ul><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><strong>What experience you bring (Role Requirements):</strong></span></p><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><strong>Essential Qualifications:</strong></span></p><ul><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Bachelor’s degree in Information Security, Computer Science, Compliance, Risk Management, or related field, or equivalent work experience</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">3+ years of experience in information security, GRC, or a technical compliance role</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Hands-on experience with a GRC platform such as Vanta, Drata, Tugboat Logic, ServiceNow GRC, Archer or similar</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Working knowledge of SOC 2 Trust Service Criteria and HITRUST CSF control requirements</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Familiarity with cloud environments (AWS or 
Azure) sufficient to understand integration points and relevant compliance controls</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Experience with API integrations, webhooks, or similar mechanisms for connecting systems to compliance platforms</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Understanding of common compliance evidence types and audit workflows for security certifications</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Familiarity with healthcare compliance requirements, particularly HIPAA Security Rule</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Strong organizational skills for managing multiple compliance workstreams simultaneously</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Clear written communication for policy documentation, control narratives, and cross-functional stakeholder engagement</span></li></ul><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><strong>Preferred Qualifications:</strong></span></p><ul><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Direct experience administering Vanta, including custom 
integrations and automated test configuration</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Scripting experience (Python, JavaScript, or Bash) for GRC automation or API-based integrations</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Security certifications such as CISA, CISM, CompTIA Security+, or CISSP</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Exposure to additional compliance frameworks such as NIST CSF, ISO 27001, FedRAMP, or state-level healthcare regulations</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Experience supporting compliance programs across multiple legal entities or in a post-merger integration environment</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Familiarity with identity governance tools, MDM platforms, or cloud security posture management (CSPM) tools and their compliance integration points</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Experience with customer-facing trust center management or security assurance programs</span></li></ul></div><div><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 
12pt;"><strong>What We Offer:</strong></span></div><ul><li style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;">Work from anywhere in the US! Machinify is digital-first.</span></li><li style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><div><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;">Top Medical/Dental/Vision offerings</span></div></li><li style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><div><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;">FSA/HSA</span></div></li><li style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><div><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;">Tuition reimbursement</span></div></li><li style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><div><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;">Competitive salary, 401(k) with company match</span></div></li><li style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><div><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;">Additional health and wellness benefits and perks</span></div></li><li style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;">Flexible and trusting environment where you’ll feel empowered to do your best work</span></li></ul><div><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;">The salary for this position is based on an array of factors unique to each candidate: 
such as years and depth of experience, skill set, certifications, etc. We are hiring for different levels, and our Recruiting team will let you know if you qualify for a different role/range. </span></div><div> </div><div><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;">Pay range: $90,000-$120,000</span></div><div class="content-conclusion"><div><span style="color: rgb(0, 0, 0);"><strong>Equal Employment Opportunity at Machinify</strong></span></div><div> </div><div><span style="color: rgb(0, 0, 0);">We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace. Machinify is an employment at will employer. We participate in E-Verify as required by applicable law. In accordance with applicable state laws, we do not inquire about salary history during the recruitment process. If you require a reasonable accommodation to complete any part of the application or recruitment process, please let our recruiters know. See our Candidate Privacy Notice at: <u><a id="m_4907613542122963413OWAae7934b9-fa06-3f98-e336-0c5f8a6d5638" style="color: rgb(0, 0, 0);" href="https://www.machinify.com/candidate-privacy-notice/" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://www.machinify.com/candidate-privacy-notice/&source=gmail&ust=1763168899816000&usg=AOvVaw0FJrzi47RtxTK_RN63lbaj">https://www.machinify.com/candidate-privacy-notice/</a></u></span></div></div>