Senior Security Engineer - Compliance and Risk

K Health · New York City, New York, US

Job description

About the role:

We are seeking a detail-oriented, proactive Security Compliance Engineer to join our Security team. In this role, you will not just check boxes; you will own the governance and compliance lifecycle for critical security programs and, in many cases, be actively involved in implementation and remediation. You will ensure that our vulnerability management, privacy, data retention, and business continuity efforts meet the rigorous standards of SOC 2, HIPAA, and HITRUST, protecting our sensitive healthcare data and maintaining trust with our partners.

What you will do:

Vulnerability Management Governance

- Oversee the compliance aspect of the vulnerability management program, ensuring scans and remediation efforts adhere to SLAs.
- Track and report on remediation timelines to ensure evidence is audit-ready.
- Collaborate with engineering and IT teams to validate that exceptions are documented, risk-accepted, and reviewed periodically.
- Manage and handle “tracking technologies” to comply with partner requirements.

Privacy & Data Governance:

Disaster Recovery (DR) & Business Continuity (BCP)

Audit & Framework Management (SOC 2 & HITRUST)

AI/ML in healthcare and emerging f...