Have Copilot read job descriptions and extract out key info you want to know. Click "Analyze All" to try it out. Click on the Copilot's gear icon to customize the prompt.

Senior Governance Risk & Compliance Engineer

arcadia · 30+ days ago

Remote (USA)

Negotiable

Full-time

Continue

By pressing the button above, you agree to our Terms and Privacy Policy, and agree to receive email job alerts. You can unsubscribe anytime.

Arcadia is dedicated to happier, healthier days for all. We transform diverse data into a unified fabric for health. Our platform delivers actionable insights for our customers to advance care and research, drive strategic growth, and achieve financial success. For more information, visit arcadia.io.

Why This Role Is Important to Arcadia

As Arcadia’s Sr. Governance, Risk, & Compliance (GRC) Engineer, you will ensure Arcadia maintains robust governance, risk, and compliance processes while leveraging technology to drive efficiencies. This role is central to implementing and maximizing Vanta’s capabilities, automating compliance workflows, and ensuring audit readiness. You will collaborate with teams across Arcadia to align compliance efforts with technical security and data protection requirements.

The Sr. GRC Engineer will be a member of the Enterprise Information Security Assurance team. This role will partner with teams throughout Arcadia to ensure technical security and data protection requirements are aligned with compliance requirements and consistently implemented. You will also support our annual compliance (e.g., SOC 2, ISO 27001, HITRUST) and customer audits.

What Success Looks Like

In 3 months

- Gain deep familiarity with Vanta and Arcadia’s existing GRC processes

- Support SOC 2, ISO 27001, and HITRUST audits by managing evidence gathering and automating controls using Vanta

- Begin scripting automation workflows for control testing and evidence gathering using AWS, scripting tools, and Vanta

- Develop an understanding of the vulnerability detection and remediation tracking process

- Develop, manage, and maintain a registry of cyber security risks

- Manage the risk acceptances and exceptions process

In 6 months

- Implement Vanta’s advanced features to automate at least 60% of control testing and evidence gathering

- Own and streamline vulnerability remediation tracking and reporting workflows

- Collaborate with cross-functional teams to develop and enhance Arcadia’s GRC processes

- Own Arcadia's trust portal

In 12 months

- Maintain audit readiness for SOC 2, ISO 27001, and HITRUST

- Manage ongoing compliance reporting and risk assessments using Vanta

- Drive continuous improvements in compliance workflows and processes, ensuring scalability and efficiency

- Increase automateof the evidence-gathering and continuance control monitoring to at least 80% of the for key compliance frameworks

- Assist in the reduction of time-to-remediation for identified vulnerabilities by at least 20%

- Reviewing security documentation on an annual basis

- Assist in the management of audit processes

- Manages evidence gathering for audits and assessments

What You'll Be Doing

Implementing and managing Vanta to its fullest potential, automating compliance workflows, and evidence gathering
Evaluating and integrating further APIs/integrations to enhance compliance management and reporting capabilities
Developing and maintaining a registry of cybersecurity risks and controls
Automating control testing using AWS, scripting, vendor’s APIs, and Vanta integrations
Supporting annual compliance audits (HITRUST, ISO27001, SOC 2) and customer assessments (and the preparation for both). Leading evidence collection and documentation processes for internal and external audits
Monitoring and reporting on compliance metrics and progress toward automation goals
Coordinating, tracking IT and security-related audits that includes scope, timelines, and outcomes
Staying current with emerging GRC technologies, standards, and best practices
Supporting the Assurance team with ongoing compliance efforts related to SOC 2, ISO 27001, and HITRUST Certification; Along general state and federal healthcare, privacy, and security requirements
Ensuring compliance with HIPAA, Healthcare IT, Medicare, and Medicaid requirements
Ensuring compliance with Federal and State regulations / policies as they relate to healthcare privacy and security
Managing the reporting and tracking of the remediation of vulnerabilities within Arcadia
Updating processes and providing metrics on vulnerabilities to better resolve
Assisting in the automation of reporting metrics for compliance posture and leadership visibility
Providing the necessary compliance expertise required to ensure that applications and infrastructure are implemented in accordance with company compliance objectives
Conducting detailed risk assessment and ensuring risks are mapped to appropriate controls
Ensuring infrastructure and applications meet Arcadia’s security and privacy compliance objectives (as outlined in Policies and Procedures)
Maintaining a matrix of client compliance requirements and performing regular compliance reviews
Maintaining Arcadia's trust portal and managing access for existing, prospective customers
Monitoring the implementation of any prescribed corrective actions resulting from client assessments
Supporting the completion of privacy/security assessments and annual audits for customers/prospective customers
Supporting any requests for information by any external authoritative agencies as required (e.g., assessors, auditors, investigators, etc.)
Providing any requested input for the ongoing maturation and development of the compliance and governance strategies necessary to support the business planning process
Maintaining currency and expertise with emerging trends in compliance and governance standards and technologies (both internal and external)

What You'll Bring

Strong understanding of control frameworks (e.g., SOC 2, ISO 27001, HITRUST CSF, NIST 800-53, NIST CSF) and their implementation
Experience using Vanta or similar GRC platforms
Hands-on experience with scripting tools (e.g., Python, PowerShell) and cloud platforms (e.g., AWS)
Experience automating compliance workflows using tools like Vanta, AWS, or scripting
Excellent organizational and communication skills, with the ability to collaborate across teams
Familiarity with HIPAA and other relevant healthcare and privacy regulations
Proactive approach to problem-solving and continuous improvement
At least 2-3 years of healthcare compliance experience
Experience in vulnerability management or knowledge of the process
Background in healthcare technology, EHR implementation, and healthcare compliance
Ability to work independently

Would Love For You To Have

5-7 years of experience in GRC roles, including audit preparation and risk management
Certifications such as CISA, CISSP, CISM, or equivalent
Background in healthcare technology and familiarity with EHR systems
Knowledge of securing network technologies, client, and server operating systems
Management of regulatory, internal, or external audits, or experience as an auditor
Strong understanding of HIPAA, Medicare, and Medicaid requirements

What You'll Get

The opportunity to work for an amazing, fast-growing software company leveraging a highly scalable cloud platform
You seek a fun culture that encourages you to speak up and fosters creative thinking
You want to use your skills to make an impact on healthcare
Support for your development, including support for obtaining and maintaining certifications
Awesome work environment
Competitive compensation
Great benefits like flextime time off
Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care
A flexible, remote friendly company with personality and heart
Employee driven programs and initiatives for personal and professional development
Be a member of the Arcadian and Barkadian Community

About Arcadia

Arcadia.io helps innovative providers and payers across the country transform healthcare to reduce cost while improving patient health. We do this by aggregating large amounts of disparate data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as a market leader in the highly competitive population health management software market and have been recognized by industry analysts KLAS, IDC, Forrester, and Chilmark for our leadership. For a better sense of our brand and products, please explore our website.

Protect Yourself

If you have concerns about the authenticity of a job offer or recruitment-related communication claiming to be from Arcadia, we encourage you to verify by contacting us directly at (781) 202-3600 and select option 3. For more information, visit our website.

This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.

•

Last updated on Jan 24, 2025

About the company

arcadia

More jobs at arcadia

Analyzing

Product Manager$133k+

Tulsa, Oklahoma

30+ days ago

Sales Director$123k+

Tulsa, Oklahoma

30+ days ago

Senior Analyst, Analytics$83k+

Remote, Oregon

30+ days ago

Customer Success Analyst

30+ days ago

Senior Customer Success Manager

30+ days ago

For job seekers

Job searchSearch millions of jobs

LaunchpadNew

Resume to business

Cover Letter StudioGenerate a cover letter

Add to ChatGPTFind and discuss jobs

For employers and recruiters

Resume ScreenerOrganize and rank candidates

Talent PipelinePre-order

Source top talent

Promote a jobReach more candidates

For everyone

Referral programEarn 30% commission

Get mobile appBrowse anywhere

Jobs API

Become a partner

Developed by Blake and Linh in the US and Vietnam.

We're interested in hearing what you like and don't like! Live chat with our founder or join our Discord

Changelog

🚀 LaunchpadNov 27

Create a site and sell services based on your resume.

🔥 Job search dashboardNov 13

Revamped job search UI with a sortable grid, live filtering, bookmarks, and application tracking.

🫡 Cover letter instructionsSep 27

New Studio settings give you control over AI output.

✨ Cover Letter StudioAug 9

Automatically generate cover letters for any job.

🎯 Suggested filtersAug 6

Copilot suggests additional filters above the results.

⚡️ Quick applicationsAug 2

Apply to jobs using info from your resume. Initial coverage of ~200k jobs in Spain, Germany, Austria, Switzerland, France, and the Netherlands.

🧠 Job AnalysisJul 12

Have Copilot read job descriptions and extract out key info you want to know. Click "Analyze All" to try it out. Click on the Copilot's gear icon to customize the prompt.