Senior GRC Engineer

Job not on LinkedIn

🕒 February 20

🏢🏡 New York City – Hybrid

💵 $148k - $175k / year

⏰ Full Time

🟠 Senior

🚔 Compliance

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Ro

WebsiteLinkedInAll Job Openings

201 - 500 employees

Ro is a direct-to-patient healthcare company providing high-quality, affordable healthcare without the need for insurance. Ro is the only company to seamlessly connect telehealth and in-home care, diagnostics, labs, and pharmacy services nationwide. This is enabled by Ro’s vertically integrated platform that powers a personalized, end-to-end healthcare experience from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has facilitated more than eight million digital healthcare visits in nearly every county in the United States, including 98% of primary care deserts. Ro also provides its patient-centric solutions including Workpath, its in-home care API, and Kit, its at-home diagnostic testing service, to other healthcare companies.

📋 Description

• Serve as both a risk practitioner and automation engineer. Automate everything. • Own and maintain the compliance platform (Vanta), including control mapping, evidence collection, continuous monitoring, and audit workflows • Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion • Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks • Partner with Security, IT, Infrastructure, and Engineering teams to ensure technical and administrative controls align with documented policies and compliance requirements • Support internal and external audits (SOC 2, HIPAA, HITRUST) • Own and maintain the cyber risk register, collaborating with risk owners to quantify risks and develop remediation plans. • Develop and maintain risk reporting, metrics, and executive summaries with BI tools (Looker, Hex, etc)

🎯 Requirements

• 5+ years of combined experience across governance, risk, compliance, security engineering, or adjacent technical roles, including hands-on experience working with compliance frameworks such as SOC 2, HIPAA, HITRUST, NIST, and PCI in modern, technology-driven environments. • 3+ years of experience with ongoing compliance operations, with demonstrated progression from manual evidence collection to automated, continuously monitored controls. • 2+ years of hands-on experience implementing and administering continuous compliance and evidence automation platforms (e.g., Vanta, Drata, SecureFrame), including configuring and creating custom integrations as well as optimizing automated evidence workflows. • Working knowledge of cloud computing platforms (AWS, Azure, GCP) and how their native services and configurations support security and compliance requirements. • Expertise in using Looker (or similar BI tool; HEX) to create dashboards, generate reports, and visualize GRC data for stakeholders, with a focus on simplifying complex data into actionable insights. • Ability to automate data ingestion, transformation, and reporting using scripting or programmatic approaches (e.g., Python, JavaScript, APIs, Tines.) • Strong analytical and root cause analysis skills • Kindness, and an ability to communicate to all levels of the organization

🏖️ Benefits

• Full medical, dental, and vision insurance + OneMedical membership • Healthcare and Dependent Care FSA • 401(k) with company match • Flexible PTO • Wellbeing + Learning & Growth reimbursements • Paid parental leave + Fertility benefits • Pet insurance • Student loan refinancing • Virtual resources for mindfulness, counseling, and fitness