Please, let Aledade know you found this job
on RemoteYeah.
This helps us grow 🌱.
Description:
As a Senior Security Engineer I at Aledade, you will play a central role in securing enterprise, cloud-native environments, and applications.
The position focuses on governance, risk, compliance, privacy, data protection, industry frameworks, best practices, and regulatory requirements.
Your efforts will support the protection of patients, employees, and Aledade as a whole, contributing to technology that saves lives and improves health.
You will work cross-functionally to measure and report on risk, achieve and maintain compliance, manage assessments and audits, and contribute to security GRC strategy and advisory efforts.
You will leverage data to understand trends, metrics, and opportunities to improve security posture and help execute on those opportunities with stakeholders.
You will lead and enhance risk management efforts, conduct qualitative risk assessments and quantitative risk analysis, and run third-party risk management (TPRM).
You will participate in Customer Trust initiatives and be involved in mitigation strategies to ensure effective resolution and remediation of security risks and issues.
You will help craft and refine security documentation pertinent to the Security Program, including policies, standards, baselines, and standard operating procedures.
Requirements:
A Bachelor’s degree (or higher) in Computer Science, Information Technology, Cybersecurity, or a related field, or 6 years of security domain experience without a degree is required.
A minimum of 4 years of combined experience as a GRC specialist in an enterprise environment, preferably cloud-based, across multiple disciplines is necessary.
At least 3 years of relevant work experience in risk reporting, developing and collecting metrics, and working on audits and assessments is required.
A minimum of 2 years of experience in performing third-party risk management activities is essential.
Preferred knowledge includes security-specific and/or related certifications such as CISSP, CISA, CRISC, CDPSE, CIPP, GIAC, and AWS certifications.
Knowledge of security frameworks, controls, regulations, and industry best practices such as NIST, ISO, SOX ITGC, HIPAA, HICP, and CCPA/CPRA is preferred.
Experience in leading security GRC projects for dynamic organizations with demonstrated project management skills is desired.
Familiarity with metrics like KRI, KPI, and OKR to measure security team service and program effectiveness is important.
Experience implementing and managing GRC solutions and related technology tools/software is preferred.
Knowledge and experience in risk quantification and associated reporting is a plus.
A solid understanding of enterprise security technology, appliances, and tools is required.
Experience with health-tech systems, such as Electronic Health Records and clinical data, is beneficial.
A collaborative work style and the ability to develop and maintain effective working relationships both internally and externally are essential.
Experience facilitating meetings with high-level, cross-functional teams is preferred.
Exceptional verbal, written, and interpersonal communication skills are required.
Benefits:
Aledade offers flexible work schedules and the ability to work remotely for many roles.
Health, dental, and vision insurance is paid up to 80% for employees, dependents, and domestic partners.
A robust time-off plan includes 21 days of PTO in your first year, 2 paid volunteer days, and 11 paid holidays.
The company provides 12 weeks of paid parental leave for all new parents and 6 weeks of paid sabbatical after 6 years of service.
An Educational Assistant Program and Clinical Employee Reimbursement Program are available.
A 401(K) plan with up to a 4% match is offered.
Stock options and many other benefits are included in the comprehensive benefits package.