Security Engineer II

Job Summary

A company is looking for a Security Engineer II (GRC), Remote.

Key Responsibilities:

• Manage the end-to-end lifecycle of inbound security questionnaires from partner physician practices
• Lead security evaluations for vendors, analyzing SOC2 reports and other assessments
• Maintain and optimize the security response repository, ensuring it reflects the latest infrastructure changes

Required Qualifications:

• 3 - 5 years of experience in Governance, Risk, and Compliance, or Information Security
• Practical experience with SOC2, HIPAA, SOX/ITGC, HITRUST, and CPRA
• Experience preparing organizations for external audits and regulatory certifications
• Hands-on experience with GRC platforms (e.g., Vanta, OneTrust, Archer)