Security Engineer (Compliance)

TL;DR

Security Engineer (Compliance) (GRC): Managing and supporting GRC programs and compliance frameworks for a health technology company with an accent on SOC 1/2, ISO 27001, and risk management. Focus on developing internal audit programs, mitigating organizational risks, and ensuring technical controls meet audit standards.

Location: Remote (USA). Must have legal right to work in the U.S. without sponsorship. On-site travel required for onboarding and team events.

Salary: $125,000–$170,000 per year

Company

Health technology subsidiary of hirify.global focusing on drug discount data exchange and transparency.

What you will do

• Own and manage compliance frameworks including SOC 1/2, ISO 27001, CSA STAR, and NIST CSF.
• Develop and maintain organizational policies and procedures to support annual audits.
• Implement internal audit programs to measure process effectiveness and identify systemic improvements.
• Manage the Risk Management Program, covering identification, mitigation, monitoring, and reporting.
• Collaborate with SecOps to ensure security functions meet operational compliance and audit standards.
• Support Quarterly Access Reviews (QARs) and user access request processes.

Requirements

• 5+ years of experience as a Security, Compliance, or Risk Engineer.
• Deep technical knowledge of compliance frameworks (SOC 1/2, ISO 27001, NIST CSF).
• Experience with cloud services including Azure, AWS, and Microsoft 365.
• Operational understanding of firewalls, IDS, anti-virus, and log management.
• Strong background in risk adjudication, mitigation, and communication with executive leadership.
• Legal right to work in the U.S. without company sponsorship.

Culture & Benefits

• Remote-first work environment with occasional travel for onboarding and team bonding.
• Culture of trust giving employees freedom to create, collaborate, and grow.
• Opportunity to work with industry experts and pioneers in market-changing solutions.
• Equal Opportunity Employer commitment.