Sr. GRC Engineer

What You’ll Do:

• Serve as both a risk practitioner and automation engineer. Automate everything.
• Own and maintain the compliance platform (Vanta) including control mapping evidence collection continuous monitoring and audit workflows
• Perform risk assessments vendor security reviews and control gap analyses and track remediation through to completion
• Manage control documentation policies procedures and supporting artifacts across multiple compliance frameworks
• Partner with Security IT Infrastructure and Engineering teams to ensure technical and administrative controls align with documented policies and compliance requirements
• Support internal and external audits (SOC 2 HIPAA HITRUST)
• Own and maintain the cyber risk register collaborating with risk owners to quantify risks and develop remediation plans.
• Develop and maintain risk reporting metrics and executive summaries with BI tools (Looker Hex etc)

What You’ll Bring to the Team:

• 5+ years of combined experience across governance risk compliance security engineering or adjacent technical roles including hands-on experience working with compliance frameworks such as SOC 2 HIPAA HITRUST NIST and PCI in modern technology-driven environments.
• 3+ years of experience with ongoing compliance operations with demonstrated progression from manual evidence collection to automated continuously monitored controls.
• 2+ years of hands-on experience implementing and administering continuous compliance and evidence automation platforms (e.g. Vanta Drata SecureFrame) including configuring and creating custom integrations as well as optimizing automated evidence workflows.
• Working knowledge of cloud computing platforms (AWS Azure GCP) and how their native services and configurations support security and compliance requirements. 
• Expertise in using Looker (or similar BI tool; HEX) to create dashboards generate reports and visualize GRC data for stakeholders with a focus on simplifying complex data into actionable insights.
• Ability to automate data ingestion transformation and reporting using scripting or programmatic approaches (e.g. Python JavaScript APIs Tines.)
• Strong analytical and root cause analysis skills
• Kindness and an ability to communicate to all levels of the organization

Bonus Points

• Advanced GRC Automation & Engineering Mindset (custom automatons or workflows beyond out-of-the-box compliance tools)

We’ve Got You Covered:

• Full medical dental and vision insurance + OneMedical membership
• Healthcare and Dependent Care FSA
• 401(k) with company match
• Flexible PTO
• Wellbeing + Learning & Growth reimbursements
• Paid parental leave + Fertility benefits
• Pet insurance
• Student loan refinancing
• Virtual resources for mindfulness counseling and fitness

What We Do

Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest most effective care possible. Ro is the only company to offer nationwide telehealth labs and pharmacy services. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient end-to-end healthcare experience spanning from diagnosis to delivery of medication to ongoing care. Since 2017 Ro has helped millions of patients in nearly every single county in the United States including 98% of primary care deserts.

Why Work With Us

Ro is powering quality care at scale. The Ro Operating System (ro.OS) vertically integrates the core parts of healthcare bringing together nationwide telehealth lab and pharmacy services on one platform. The result? ro.OS makes it easier for patients to access and providers to deliver high-quality care – millions of times over.

Gallery