Security Engineer – GRC, Governance, Risk & Compliance

Remote · USA Full-time New today

Job Description:

  • Configure, administer, and continuously improve Machinify’s Vanta GRC platform across all organizational entities
  • Build and maintain Vanta integrations with cloud environments (AWS, Azure), identity providers, endpoint management tools, HR systems, and other compliance-relevant data sources
  • Automate evidence collection workflows to reduce manual effort for HITRUST r2, SOC 2 Type II, and other certification cycles
  • Develop and maintain custom tests, policies, and controls within Vanta to reflect Machinify’s specific compliance requirements and risk posture
  • Monitor control health dashboards and manage remediation workflows for failing or at-risk controls
  • Manage the Vanta vendor risk module, including questionnaire automation and third-party assessment workflows
  • Support access review automation through Vanta, ensuring timely completion and accurate documentation
  • Maintain and improve GRC platform documentation including integration configurations, data flows, and control mapping
  • Evaluate and implement new Vanta capabilities as the platform evolves, including AI-assisted compliance features
  • Support HITRUST r2 and SOC 2 Type II audit activities through evidence preparation, auditor portal management, and issue tracking
  • Assist with customer security questionnaire responses by leveraging Vanta’s trust center and evidence library
  • Contribute to third-party risk assessments by coordinating vendor security reviews and maintaining assessment records
  • Help develop and maintain security policies and procedures aligned with HITRUST and SOC 2 requirements
  • Support the risk register by maintaining risk records, tracking remediation actions, and producing risk reporting
  • Participate in security awareness program activities including content development and training delivery tracking
  • Assist with regulatory documentation requirements including HIPAA privacy and security program documentation
  • Collaborate with the Security Engineering team to ensure technical controls are properly reflected in the GRC platform.

Requirements:

  • Bachelor’s degree in Information Security, Computer Science, Compliance, Risk Management, or related field, or equivalent work experience
  • 3+ years of experience in information security, GRC, or a technical compliance role
  • Hands-on experience with a GRC platform such as Vanta, Drata, Tugboat Logic, ServiceNow GRC, Archer or similar
  • Working knowledge of SOC 2 Trust Service Criteria and HITRUST CSF control requirements
  • Familiarity with cloud environments (AWS or Azure) sufficient to understand integration points and relevant compliance controls
  • Experience with API integrations, webhooks, or similar mechanisms for connecting systems to compliance platforms
  • Understanding of common compliance evidence types and audit workflows for security certifications
  • Familiarity with healthcare compliance requirements, particularly HIPAA Security Rule
  • Strong organizational skills for managing multiple compliance workstreams simultaneously
  • Clear written communication for policy documentation, control narratives, and cross-functional stakeholder engagement.

Benefits:

  • Work from anywhere in the US! Machinify is digital-first.
  • Top Medical/Dental/Vision offerings
  • FSA/HSA
  • Tuition reimbursement
  • Competitive salary, 401(k) with company match
  • Additional health and wellness benefits and perks
  • Flexible and trusting environment where you’ll feel empowered to do your best work
