Arcadia

Senior Governance Risk & Compliance Engineer

Posted 13 Hours Ago
Remote
Senior level

Arcadia is dedicated to happier, healthier days for all. We transform diverse data into a unified fabric for health. Our platform delivers actionable insights for our customers to advance care and research, drive strategic growth, and achieve financial success. For more information, visit arcadia.io.


Why This Role Is Important to Arcadia


As Arcadia’s Sr. Governance, Risk, & Compliance (GRC) Engineer, you will ensure Arcadia maintains robust governance, risk, and compliance processes while leveraging technology to drive efficiencies. This role is central to implementing and maximizing Vanta’s capabilities, automating compliance workflows, and ensuring audit readiness. You will collaborate with teams across Arcadia to align compliance efforts with technical security and data protection requirements.


The Sr. GRC Engineer will be a member of the Enterprise Information Security Assurance team. This role will partner with teams throughout Arcadia to ensure technical security and data protection requirements are aligned with compliance requirements and consistently implemented. You will also support our annual compliance (e.g., SOC 2, ISO 27001, HITRUST) and customer audits.


What Success Looks Like

In 3 months

- Gain deep familiarity with Vanta and Arcadia’s existing GRC processes

- Support SOC 2, ISO 27001, and HITRUST audits by managing evidence gathering and automating controls using Vanta

- Begin scripting automation workflows for control testing and evidence gathering using AWS, scripting tools, and Vanta

- Develop an understanding of the vulnerability detection and remediation tracking process

- Develop, manage, and maintain a registry of cyber security risks

- Manage the risk acceptances and exceptions process


In 6 months

- Implement Vanta’s advanced features to automate at least 60% of control testing and evidence gathering

- Own and streamline vulnerability remediation tracking and reporting workflows

- Collaborate with cross-functional teams to develop and enhance Arcadia’s GRC processes

- Own Arcadia's trust portal


In 12 months

- Maintain audit readiness for SOC 2, ISO 27001, and HITRUST

- Manage ongoing compliance reporting and risk assessments using Vanta

- Drive continuous improvements in compliance workflows and processes, ensuring scalability and efficiency

- Increase automation of evidence gathering and continuous control monitoring to at least 80% for key compliance frameworks

- Assist in the reduction of time-to-remediation for identified vulnerabilities by at least 20%

- Review security documentation on an annual basis

- Assist in the management of audit processes

- Manage evidence gathering for audits and assessments

What You'll Be Doing

  • Implementing and managing Vanta to its fullest potential, automating compliance workflows and evidence gathering
  • Evaluating and integrating further APIs/integrations to enhance compliance management and reporting capabilities
  • Developing and maintaining a registry of cybersecurity risks and controls
  • Automating control testing using AWS, scripting, vendor’s APIs, and Vanta integrations
  • Supporting annual compliance audits (HITRUST, ISO27001, SOC 2) and customer assessments (and the preparation for both). Leading evidence collection and documentation processes for internal and external audits
  • Monitoring and reporting on compliance metrics and progress toward automation goals
  • Coordinating and tracking IT and security-related audits, including scope, timelines, and outcomes
  • Staying current with emerging GRC technologies, standards, and best practices
  • Supporting the Assurance team with ongoing compliance efforts related to SOC 2, ISO 27001, and HITRUST certification, along with general state and federal healthcare, privacy, and security requirements
  • Ensuring compliance with HIPAA, Healthcare IT, Medicare, and Medicaid requirements
  • Ensuring compliance with Federal and State regulations / policies as they relate to healthcare privacy and security
  • Managing the reporting and tracking of the remediation of vulnerabilities within Arcadia
  • Updating processes and providing metrics on vulnerabilities to support faster resolution
  • Assisting in the automation of reporting metrics for compliance posture and leadership visibility
  • Providing the necessary compliance expertise required to ensure that applications and infrastructure are implemented in accordance with company compliance objectives
  • Conducting detailed risk assessment and ensuring risks are mapped to appropriate controls
  • Ensuring infrastructure and applications meet Arcadia’s security and privacy compliance objectives (as outlined in Policies and Procedures)
  • Maintaining a matrix of client compliance requirements and performing regular compliance reviews
  • Maintaining Arcadia's trust portal and managing access for existing, prospective customers
  • Monitoring the implementation of any prescribed corrective actions resulting from client assessments
  • Supporting the completion of privacy/security assessments and annual audits for customers/prospective customers
  • Supporting any requests for information by any external authoritative agencies as required (e.g., assessors, auditors, investigators, etc.)
  • Providing any requested input for the ongoing maturation and development of the compliance and governance strategies necessary to support the business planning process
  • Maintaining currency and expertise with emerging trends in compliance and governance standards and technologies (both internal and external)

What You'll Bring

  • Strong understanding of control frameworks (e.g., SOC 2, ISO 27001, HITRUST CSF, NIST 800-53, NIST CSF) and their implementation
  • Experience using Vanta or similar GRC platforms
  • Hands-on experience with scripting tools (e.g., Python, PowerShell) and cloud platforms (e.g., AWS)
  • Experience automating compliance workflows using tools like Vanta, AWS, or scripting
  • Excellent organizational and communication skills, with the ability to collaborate across teams
  • Familiarity with HIPAA and other relevant healthcare and privacy regulations
  • Proactive approach to problem-solving and continuous improvement
  • At least 2-3 years of healthcare compliance experience
  • Experience in vulnerability management or knowledge of the process
  • Background in healthcare technology, EHR implementation, and healthcare compliance
  • Ability to work independently

Would Love For You To Have

  • 5-7 years of experience in GRC roles, including audit preparation and risk management
  • Certifications such as CISA, CISSP, CISM, or equivalent
  • Background in healthcare technology and familiarity with EHR systems
  • Knowledge of securing network technologies, client, and server operating systems
  • Management of regulatory, internal, or external audits, or experience as an auditor
  • Strong understanding of HIPAA, Medicare, and Medicaid requirements

What You'll Get

  • The opportunity to work for an amazing, fast-growing software company leveraging a highly scalable cloud platform
  • You seek a fun culture that encourages you to speak up and fosters creative thinking
  • You want to use your skills to make an impact on healthcare
  • Support for your development, including support for obtaining and maintaining certifications
  • Awesome work environment
  • Competitive compensation
  • Great benefits like flexible time off
  • Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care
  • A flexible, remote friendly company with personality and heart
  • Employee driven programs and initiatives for personal and professional development
  • Be a member of the Arcadian and Barkadian Community

About Arcadia

Arcadia.io helps innovative providers and payers across the country transform healthcare to reduce cost while improving patient health. We do this by aggregating large amounts of disparate data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as a market leader in the highly competitive population health management software market and have been recognized by industry analysts KLAS, IDC, Forrester, and Chilmark for our leadership. For a better sense of our brand and products, please explore our website.


Protect Yourself

If you have concerns about the authenticity of a job offer or recruitment-related communication claiming to be from Arcadia, we encourage you to verify by contacting us directly at (781) 202-3600 and select option 3. For more information, visit our website.


This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.
