Senior GRC Engineer
Employer Direct Healthcare
Senior GRC Engineer building compliance infrastructure and governing AI systems for health-tech company Lantern. Requires strong coding skills and experience in GRC within healthcare.
Tech Stack
Tools & technologies
- AWS
- Azure
- Cloud
- Python
- ServiceNow
- SQL
About the role
Key responsibilities & impact
- Write scripts (Python, SQL, APIs) to pull evidence directly from source systems (AWS, Azure, IAM platforms, endpoint agents, CI/CD pipelines), eliminating manual evidence collection
- Build and maintain continuous control monitoring workflows integrated into engineering pipelines, not just GRC platforms
- Design compliance-as-code and policy-as-code approaches; own the technical architecture of how controls are tested automatically
- Operate and extend the GRC platform (ServiceNow GRC, Drata, OneTrust, or equivalent) as an engineer, not just a user, including building integrations and automating evidence routing
- Build and maintain Lantern’s AI risk register and AI systems inventory, including pre-deployment risk assessments for new AI use cases across our benefits platform in partnership with Engineering and Product
- Implement AI governance controls aligned to the NIST AI RMF, covering model risk, bias, transparency, and accountability, with a bias toward automated monitoring over manual review
- Monitor HHS AI policy, EU AI Act, and state-level regulation; translate emerging requirements into actionable, automatable controls
- Govern AI systems used within the GRC function itself, including any LLM-powered evidence analysis or control monitoring tools
- Own the HIPAA Privacy and Security compliance program: risk assessments, remediation tracking, workforce training coordination, and ongoing monitoring
- Support HITRUST CSF certification and SOC 2 Type II audit cycles as a technical contributor, building automated evidence pipelines rather than collecting evidence manually
- Map the control environment against NIST CSF; identify gaps and build a prioritized, automatable remediation roadmap
- Build and maintain the enterprise risk register with automated KRI tracking and outcome-based reporting for leadership
- Run the third-party risk management (TPRM) program with a continuous monitoring posture: automated vendor monitoring rather than point-in-time assessments
- Conduct vendor risk assessments with emphasis on cloud vendors handling PHI and AI/ML vendors embedding models into products we purchase
Requirements
What you’ll need
- 5+ years in GRC, information security, or compliance engineering, with at least 3 years in healthcare or health-tech
- Demonstrated ability to write code that extracts evidence directly from systems (Azure, IAM, endpoints, APIs), not just configure workflow tools
- Has built something using an LLM or AI framework: a working tool, even a prototype
- Thinks like an engineer first: sees a manual compliance process and asks how to eliminate it, not how to document it better
Benefits
Comp & perks
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Short & Long Term Disability
- Life Insurance
- 401k with company match
- Flexible Time Off
- Paid Parental Leave
ATS Keywords
Hard Skills & Tools
Python, SQL, APIs, GRC, compliance-as-code, policy-as-code, automated monitoring, risk assessments, automated evidence pipelines, KRI tracking
Soft Skills
problem-solving, engineering mindset, analytical thinking, communication, collaboration