Senior Engineer, GRC – Audit & Compliance
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Senior Engineer overseeing audit and compliance programs at NextGen Healthcare, ensuring alignment with regulatory and security requirements. Leading audit lifecycle and optimizing GRC solutions for efficient compliance operations.
Responsibilities:
- Responsible for leading the organization’s audit and compliance programs, ensuring continuous alignment with regulatory, contractual, and security framework requirements.
- Owns the end-to-end audit lifecycle, including planning, readiness, evidence management, auditor coordination, and remediation tracking across frameworks such as SOC 2, HITRUST, PCI DSS, HIPAA, and NIST CSF.
- Act as the primary liaison between internal stakeholders and external auditors, ensuring audit readiness and sustained compliance posture.
- Operates as a senior individual contributor responsible for driving compliance execution, maintaining control frameworks, and leveraging GRC tools to enable scalable and efficient compliance operations.
- Leverage tools and technology to support Information Security audit, compliance, and GRC initiatives across the Information Security Program
- Act as system administrator for certain security or GRC tools such as phishing and training platforms, GRC/IT Risk Management tools, Third Party Risk Management (TPRM) platforms, Risk Register, privacy management, etc.
- Integrate related tools and workflows with other systems as needed.
- Engage with internal stakeholders and security vendors on design sessions, and help configure and optimize GRC solutions and compliance workflows.
- Work with IT partners in Application Security, Security Engineering and Operations, Enterprise Applications, Desktop Support, Help Desk, Networking and Infrastructure Operations, to get data and information needed to support GRC work and audit & compliance activities.
- Collaborate with IT teams and Information Security teams to obtain security and operational data needed to support audit, compliance, and risk assessment activities.
- Work with IT teams and partners to align GRC objectives with enterprise security controls and operational processes including cybersecurity / technology solutions such as IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPS, XDR, MDM, SIEM, etc.
- Support data analysis, metrics, dashboards and reporting activities by pulling data from source systems.
- Stay current with evolving regulatory requirements, compliance frameworks, industry trends, threat intelligence and make recommendations for process and control improvements.
- Participate in security incidents and support related audit, compliance and remediation activities as needed.
- Support security assessment requests for customers, HITRUST, SOC 2, etc. by pulling appropriate data as needed.
- Work with IT partners to align GRC requirements with operational processes such as secure software development life cycle, software engineering, infrastructure, network, etc.
- Maximize the utilization of GRC tools and technology to improve program efficiency and audit readiness
- Assist with the development and maintenance of policies, procedures and compliance documentation.
- Stay current with changes in information security and cybersecurity regulations, industry frameworks, and best practices, and apply them to existing NextGen GRC solutions and processes.
- Use GRC and security engineering skills to help streamline or automate NextGen methodology for maintaining accreditations or certifications (e.g., SOC 2, HITRUST, etc.).
- Use GRC and security engineering skills to help streamline or automate NextGen methodology for responding to customer security assessments or questionnaires.
Requirements:
- Bachelor's Degree in Computer Science or related discipline or advanced degree.
- 4-6 years of relevant experience or advanced Degree.
- GRC/Security engineering experience, including supporting information security or cybersecurity solutions.
- Experience working with security technology, GRC tools, or processes such as phishing campaigns, vulnerability scans, IRPs, playbooks, IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPS, XDR, MDM, SIEM, threat hunting, etc.
- Experience with one or more of the following frameworks: COSO, NIST CSF, RMF, ISO, COBIT.
- Experience working in an environment with one or more of the following: Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), AICPA System and Organization Controls 2(SOC 2) , Payment Card Industry (PCI), or related GRC frameworks
- Information security or cybersecurity related certifications such as CISA, CISSP, CISM, CRISC, CEH, GIAC (GCFA), or ability to acquire certification within 18 months.
- HITRUST Framework and CSF certification knowledge.
- IT / security processes or tools such as IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPS, XDR, MDM, SIEM, IRP, backups, DR & BCP, playbooks, MSP or MSSP, MDR or XDR, 24x7 SOC, endpoint security, SIEM, vulnerability scans, patching, pen testing, red/blue/purple teaming, tabletop exercises, encryption at rest and in transit, networking, firewalls, infrastructure, colo data centers, hosted environments such as Azure, AWS, or Google Cloud, and Active Directory.
Benefits:
- Benefits includes health insurance, retirement plans, paid time off, flexible work arrangements, professional development opportunities, bonuses, stock options, equipment allowances, wellness programs
Similar Jobs
Senior GRC Analyst
Senior GRC Analyst at Doppler managing security and compliance programs. Ensuring SOC 2 Type II and ISO 27001 certifications while collaborating across teams.
Compliance Program Coordinator
Compliance Program Coordinator providing administrative support for AICPA Peer Review Program. Managing workflows, ensuring compliance, and supporting peer review processes.
Technical GRC Specialist
Technical GRC Specialist focusing on enhancing cybersecurity measures and managing vendor risk at an AI-powered support automation platform. Collaborating with teams to ensure compliance and audit readiness.
Corporate Telecom Compliance Manager
Strategy & Operations role focusing on telecommunications compliance at Twilio. Leading strategic execution and governance for global communications platform compliance initiatives.
Vice President, Compliance & Risk Management
Vice President Compliance & Risk Management leading healthcare compliance initiatives and risk management strategy for Emerus. Develop and implement comprehensive frameworks to support patient safety and ethical standards.
Compliance Specialist
Compliance Manager providing governance and assurance for compliance obligations and processes. Overseeing the organization’s Integrated Management System and ensuring compliance with regulatory frameworks.
Regulatory Consultant – CMC, Small Molecule Products
Support execution of global regulatory CMC strategy and submissions for small molecule products. Collaborate with cross-functional teams at Syneos Health to deliver effective regulatory compliance in the biopharmaceutical industry.
Regulatory Labeling Manager – Artwork Development, Source Text Review
Labeling Artwork Reviewer ensuring compliance in pharmaceutical product packaging through detailed review and collaboration with various teams. Focused on regulatory requirements and global market alignment.
GRC Analyst
GRC Analyst at Primer responsible for managing Governance, Risk & Compliance programs. Collaborates with engineering and security teams to maintain compliance and manage audit readiness.
Regulatory Manager
US Regulatory Manager at Unchained ensuring compliance with U.S. financial services regulations. Involves collaboration across departments for effective risk management and policy implementation.
Compliance Officer
Compliance Officer managing AML/CTF compliance and operations at Allocated Bullion Exchange. Overseeing day-to-day operations including onboarding and regulatory obligations.
Onboarding Compliance Specialist
Onboarding Compliance Specialist ensuring HR compliance for clinical workforce at Charlie Health. Assisting in personnel file management and regulatory adherence for new hires.
Director, Regulatory Affairs
Director of Regulatory Affairs leading regional regulatory strategy and stakeholder engagement for Grid United. Focus on developing frameworks and supporting regulatory approvals for electric transmission projects.
Senior Regulatory Affairs Associate
Regulatory Affairs Senior Associate at Amgen assisting in regulatory document creation and submission. Supporting US regulatory activities and compliance under USRL supervision.
Regulatory and Start Up Specialist
Regulatory Specialist managing Site Activation for clinical studies in life sciences. Ensuring compliance with regulations and quality in deliverables for Swedish sites.
Senior Business SOX Compliance Manager
Senior Business SOX Compliance Manager leading business process control framework at Zillow. Involves assessments, integrations, and team development in a distributed work environment.
Assistant Manager, Special Education Compliance
Assistant Manager for IDEA supporting special education compliance and program implementation in various Texas and remote locations. Collaborating with staff, students, and families in achieving academic success.
Regional Food Safety Quality and Regulatory Lead
Canada Food Safety Quality and Regulatory POD Lead providing safety leadership across plants in Canada. Collaborating with stakeholders for quality and regulatory compliance while driving continuous improvement initiatives.
Senior Advisor, Pharmacy & Care Delivery Compliance
Senior Advisor for compliance within Evernorth Care Delivery and Pharmacy. Responsible for evaluating compliance and managing audits and reports across regulatory requirements.
Executive Director, Regulatory Affairs – Global
Executive Director leading global regulatory affairs for biopharmaceutical company, focusing on international regulatory strategy and compliance for oncology products.