Security Engineer II – GRC

Aledade, Inc.

full-time

Posted on: 2/4/2026

Location Type: Remote

✨ AI Apply

About the role

Manage the end-to-end lifecycle of inbound security questionnaires from partner physician practices. Ensure responses are technically accurate, timely, and reflect our latest security posture.
Lead security evaluations for Aledade’s vendors. Analyze SOC2 reports, penetration test results, and self-assessments to ensure our supply chain meets our rigorous healthcare security standards.
Maintain and optimize our security response repository. You’ll ensure our "Source of Truth" is updated as our infrastructure evolves
Identify bottlenecks in the assessment workflow and implement scalable solutions, such as self-service "Trust Centers" for partners, to reduce the manual overhead of the GRC function.

3 - 5 years of experience in Governance, Risk, and Compliance, Information Security or related fields.
Practical experience working with SOC2, HIPAA, SOX/ITGC, HITRUST, and CPRA.
Demonstrated experience preparing organizations for external audits and regulatory certifications.
Hands-on experience with GRC platforms (e.g., Vanta, OneTrust, Archer, or similar).

Benefits

Flexible work schedules and the ability to work remotely are available for many roles
Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners
Robust time-off plan (21 days of PTO in your first year)
Two paid volunteer days and 11 paid holidays
12 weeks paid parental leave for all new parents
Six weeks paid sabbatical after six years of service
Educational Assistant Program and Clinical Employee Reimbursement Program
401(k) with up to 4% match
Stock options
And much more!

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GovernanceRisk ManagementComplianceInformation SecuritySOC2HIPAASOXHITRUSTCPRAExternal Audits

Soft Skills

LeadershipAnalytical SkillsProblem SolvingCommunicationOrganizational Skills