Security Engineer – GRC, Governance, Risk & Compliance
Posted 2026-05-06
Remote, USA
Full-time
Immediate Start
Job Description:
- Configure, administer, and continuously improve Machinify’s Vanta GRC platform across all organizational entities
- Build and maintain Vanta integrations with cloud environments (AWS, Azure), identity providers, endpoint management tools, HR systems, and other compliance-relevant data sources
- Automate evidence collection workflows to reduce manual effort for HITRUST r2, SOC 2 Type II, and other certification cycles
- Develop and maintain custom tests, policies, and controls within Vanta to reflect Machinify’s specific compliance requirements and risk posture
- Monitor control health dashboards and manage remediation workflows for failing or at-risk controls
- Manage the Vanta vendor risk module, including questionnaire automation and third-party assessment workflows
- Support access review automation through Vanta, ensuring timely completion and accurate documentation
- Maintain and improve GRC platform documentation including integration configurations, data flows, and control mapping
- Evaluate and implement new Vanta capabilities as the platform evolves, including AI-assisted compliance features
- Support HITRUST r2 and SOC 2 Type II audit activities through evidence preparation, auditor portal management, and issue tracking
- Assist with customer security questionnaire responses by leveraging Vanta’s trust center and evidence library
- Contribute to third-party risk assessments by coordinating vendor security reviews and maintaining assessment records
- Help develop and maintain security policies and procedures aligned with HITRUST and SOC 2 requirements
- Support the risk register by maintaining risk records, tracking remediation actions, and producing risk reporting
- Participate in security awareness program activities including content development and training delivery tracking
- Assist with regulatory documentation requirements including HIPAA privacy and security program documentation
- Collaborate with the Security Engineering team to ensure technical controls are properly reflected in the GRC platform
Requirements:
- Bachelor’s degree in Information Security, Computer Science, Compliance, Risk Management, or related field, or equivalent work experience
- 3+ years of experience in information security, GRC, or a technical compliance role
- Hands-on experience with a GRC platform such as Vanta, Drata, Tugboat Logic, ServiceNow GRC, Archer or similar
- Working knowledge of SOC 2 Trust Service Criteria and HITRUST CSF control requirements
- Familiarity with cloud environments (AWS or Azure) sufficient to understand integration points and relevant compliance controls
- Experience with API integrations, webhooks, or similar mechanisms for connecting systems to compliance platforms
- Understanding of common compliance evidence types and audit workflows for security certifications
- Familiarity with healthcare compliance requirements, particularly HIPAA Security Rule
- Strong organizational skills for managing multiple compliance workstreams simultaneously
- Clear written communication for policy documentation, control narratives, and cross-functional stakeholder engagement
Benefits:
- Work from anywhere in the US! Machinify is digital-first.
- Top Medical/Dental/Vision offerings
- FSA/HSA
- Tuition reimbursement
- Competitive salary, 401(k) with company match
- Additional health and wellness benefits and perks
- Flexible and trusting environment where you’ll feel empowered to do your best work