Senior Governance Risk & Compliance Engineer

Remote Full-time
Arcadia is dedicated to happier, healthier days for all. We transform diverse data into a unified fabric for health. Our platform delivers actionable insights for our customers to advance care and research, drive strategic growth, and achieve financial success. For more information, visit arcadia.io.

Why This Role Is Important to Arcadia

As Arcadia’s Sr. Governance, Risk, & Compliance (GRC) Engineer, you will ensure Arcadia maintains robust governance, risk, and compliance processes while leveraging technology to drive efficiencies. This role is central to implementing and maximizing Vanta’s capabilities, automating compliance workflows, and ensuring audit readiness. You will collaborate with teams across Arcadia to align compliance efforts with technical security and data protection requirements.

The Sr. GRC Engineer will be a member of the Enterprise Information Security Assurance team. This role will partner with teams throughout Arcadia to ensure technical security and data protection requirements are aligned with compliance requirements and consistently implemented. You will also support our annual compliance (e.g., SOC 2, ISO 27001, HITRUST) and customer audits.

What Success Looks Like

In 3 months
- Gain deep familiarity with Vanta and Arcadia’s existing GRC processes
- Support SOC 2, ISO 27001, and HITRUST audits by managing evidence gathering and automating controls using Vanta
- Begin scripting automation workflows for control testing and evidence gathering using AWS, scripting tools, and Vanta
- Develop an understanding of the vulnerability detection and remediation tracking process
- Develop, manage, and maintain a registry of cyber security risks
- Manage the risk acceptances and exceptions process

In 6 months
- Implement Vanta’s advanced features to automate at least 60% of control testing and evidence gathering
- Own and streamline vulnerability remediation tracking and reporting workflows
- Collaborate with cross-functional teams to develop and enhance Arcadia’s GRC processes
- Own Arcadia's trust portal

In 12 months
- Maintain audit readiness for SOC 2, ISO 27001, and HITRUST
- Manage ongoing compliance reporting and risk assessments using Vanta
- Drive continuous improvements in compliance workflows and processes, ensuring scalability and efficiency
- Increase automation of evidence gathering and continuous control monitoring to at least 80% for key compliance frameworks
- Assist in the reduction of time-to-remediation for identified vulnerabilities by at least 20%
- Review security documentation on an annual basis
- Assist in the management of audit processes
- Manage evidence gathering for audits and assessments

What You'll Be Doing

- Implementing and managing Vanta to its fullest potential, automating compliance workflows and evidence gathering
- Evaluating and integrating further APIs/integrations to enhance compliance management and reporting capabilities
- Developing and maintaining a registry of cybersecurity risks and controls
- Automating control testing using AWS, scripting, vendor APIs, and Vanta integrations
- Supporting annual compliance audits (HITRUST, ISO 27001, SOC 2) and customer assessments (and the preparation for both)
- Leading evidence collection and documentation processes for internal and external audits
- Monitoring and reporting on compliance metrics and progress toward automation goals
- Coordinating and tracking IT and security-related audits, including scope, timelines, and outcomes
- Staying current with emerging GRC technologies, standards, and best practices
- Supporting the Assurance team with ongoing compliance efforts related to SOC 2, ISO 27001, and HITRUST Certification, along with general state and federal healthcare, privacy, and security requirements
- Ensuring compliance with HIPAA, Healthcare IT, Medicare, and Medicaid requirements
- Ensuring compliance with Federal and State regulations / policies as they relate to healthcare privacy and security
- Managing the reporting and tracking of the remediation of vulnerabilities within Arcadia
- Updating processes and providing metrics on vulnerabilities to better resolve
- Assisting in the automation of reporting metrics for compliance posture and leadership visibility
- Providing the necessary compliance expertise required to ensure that applications and infrastructure are implemented in accordance with company compliance objectives
- Conducting detailed risk assessment and ensuring risks are mapped to appropriate controls
- Ensuring infrastructure and applications meet Arcadia’s security and privacy compliance objectives (as outlined in Policies and Procedures)
- Maintaining a matrix of client compliance requirements and performing regular compliance reviews
- Maintaining Arcadia's trust portal and managing access for existing and prospective customers
- Monitoring the implementation of any prescribed corrective actions resulting from client assessments
- Supporting the completion of privacy/security assessments and annual audits for customers/prospective customers
- Supporting any requests for information by any external authoritative agencies as required (e.g., assessors, auditors, investigators, etc.)
- Providing any requested input for the ongoing maturation and development of the compliance and governance strategies necessary to support the business planning process
- Maintaining currency and expertise with emerging trends in compliance and governance standards and technologies (both internal and external)

What You'll Bring

- Strong understanding of control frameworks (e.g., SOC 2, ISO 27001, HITRUST CSF, NIST 800-53, NIST CSF) and their implementation
- Experience using Vanta or similar GRC platforms
- Hands-on experience with scripting tools (e.g., Python, PowerShell) and cloud platforms (e.g., AWS)
- Experience automating compliance workflows using tools like Vanta, AWS, or scripting
- Excellent organizational and communication skills, with the ability to collaborate across teams
- Familiarity with HIPAA and other relevant healthcare and privacy regulations
- Proactive approach to problem-solving and continuous improvement
- At least 2-3 years of healthcare compliance experience
- Experience in vulnerability management or knowledge of the process
- Background in healthcare technology, EHR implementation, and healthcare compliance
- Ability to work independently

Would Love For You To Have

- 5-7 years of experience in GRC roles, including audit preparation and risk management
- Certifications such as CISA, CISSP, CISM, or equivalent
- Background in healthcare technology and familiarity with EHR systems
- Knowledge of securing network technologies, client, and server operating systems
- Management of regulatory, internal, or external audits, or experience as an auditor
- Strong understanding of HIPAA, Medicare, and Medicaid requirements

What You'll Get

- The opportunity to work for an amazing, fast-growing software company leveraging a highly scalable cloud platform
- You seek a fun culture that encourages you to speak up and fosters creative thinking
- You want to use your skills to make an impact on healthcare
- Support for your development, including support for obtaining and maintaining certifications
- Awesome work environment
- Competitive compensation
- Great benefits like flextime time off
- Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care
- A flexible, remote friendly company with personality and heart
- Employee driven programs and initiatives for personal and professional development
- Be a member of the Arcadian and Barkadian Community

Additional Information

About Arcadia

Arcadia.io helps innovative providers and payers across the country transform healthcare to reduce cost while improving patient health. We do this by aggregating large amounts of disparate data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as a market leader in the highly competitive population health management software market and have been recognized by industry analysts KLAS, IDC, Forrester, and Chilmark for our leadership. For a better sense of our brand and products, please explore our website.

Protect Yourself

If you have concerns about the authenticity of a job offer or recruitment-related communication claiming to be from Arcadia, we encourage you to verify by contacting us directly at (781) 202-3600 and select option 3. For more information, visit our website.

This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.
