Jobs · himalayas
Security Engineer, GRC
Keystone AI · United States · Posted 11d ago
About the role
Manage and automate the Governance, Risk, and Compliance program for a large organization.
State of Location: Pennsylvania Position Summary: The Security Engineer will manage, scale, and automate our Governance, Risk, and Compliance (GRC) program supporting an organization of 7,500+ teammates across 750+ locations. This role focuses on building security policies, automating compliance workflows, and conducting third-party vendor risk assessments. Additionally, you will provide secondary engineering and analytical support to optimize our MSSP relationship, triage alerts, and refine SOC use cases. This role is primarily remote, with occasional travel required for projects, collaboration, and team building. Join Ivy Rehab’s dedicated team where you’re not just an employee, but a valued teammate! Together, we provide world-class care in physical therapy, occupational therapy, speech therapy, and applied behavior analysis (ABA) services. Our culture promotes authenticity, inclusion, growth, community, and a passion for exceptional care for every patient. Job Description: Responsibilities: Lead the design, rollout, and continuous improvement of the internal GRC framework and security architecture. Author, maintain, and help enforce information security policies, procedures, and control frameworks across the business. Identify opportunities to automate compliance tracking, evidence collection, and risk reporting workflows to eliminate manual processes. Ensure organizational alignment with industry standards (e.g., NIST CSF, HIPAA, HITRUST) and facilitate internal or external security assessments. Own the end-to-end third-party risk assessment process; evaluate vendor security postures, SOC 2 reports, and risk profiles prior to onboarding. Partner with legal, procurement, and business stakeholders to communicate vendor risks and negotiate necessary security safeguards. Manage and monitor the Data Loss Prevention (DLP) solution; triage data exfiltration alerts and partner with business units to implement, enforce, and refine data classification schemas Drive the security awareness training strategy; oversee automated phishing campaigns, measure program effectiveness, and deliver tailored education to mitigate human risk. Provide secondary support to SOC operations by validating alert triage and improving detection logic Collaborate to improve SIEM/SOC use cases, detection logic, and incident response workflows. Qualifications: Minimum 3-5 years of experience in Cybersecurity, with a focus on GRC or third-party risk management. Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field. Excellent communication, collaboration, and problem-solving skills Relevant security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM). GIAC certifications, Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) are a plus. Former NOC/SOC experience is highly desired. Deep understanding of security frameworks and standards such as NIST CSF, HIPAA, HITRUST. Proven ability to analyze vendor security documentation (SOC 2 Type II, SIG questionnaires, penetration test reports). Experience utilizing GRC platforms (e.g., SmartSuite, Archer, ServiceNow GRC, or similar), low-code/no-code platforms, or scripting to automate security processes and compliance mapping. Excellent communication and collaboration abilities – able to explain complex risk concepts to non-technical stakeholders and work cross-functionally to drive security initiatives. Why choose Ivy? Best Employer: A prestigious honor to be recognized by Modern Healthcare , signifying excellence in our industry and providing an outstanding workplace culture. Exceeding Expectations: Deliver best-in-class care and witness exceptional patient outcomes. Incentives Galore : Eligibility for full benefits package beginning within your first month of employment. Generous PTO (Paid Time Off) plans and paid holidays. Empowering Values: Live by values that prioritize teamwork, growth, and serving others. We are an equal opportunity employer, committed to diversity and inclusion in all aspects of the recruiting and employment process. Actual salaries depend on a variety of factors, including experience, specialty, education, and organizational need. Any listed salary range or contractual rate does not include bonuses/incentive, differential pay, or other forms of compensation or benefits. ivyrehab.com Originally posted on Himalayas
Read the full posting on himalayas →
FAQ
Is the Security Engineer, GRC role at Keystone AI remote?+
This Security Engineer, GRC position is listed as remote (United States).
What is the salary for the Security Engineer, GRC role at Keystone AI?+
The listing states Estimated 76k-163k USD.
What seniority level is this Security Engineer, GRC role?+
This is a mid level position.
How do I apply for the Security Engineer, GRC role at Keystone AI?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Keystone AI.