Risk & Compliance Engineer
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Risk & Compliance Engineer (GRC/Vendor Risk): Lead end-to-end vendor security risk assessments and enhance a vendor risk program with an accent on AI-driven accuracy improvements, control effectiveness evaluation, and quantifying business risk. Focus on building KRIs/KPIs and assessment methodology in OneTrust using NIST RMF and NIST 800-53r5, while embedding security-by-design and supporting internal assessments and external audits.
Location: Newark, New Jersey, United States
Salary: $82,000 - $97,000
Company
provides trusted health information and health information services through online portals and digital products.
What you will do
- Continuously improve vendor risk management by integrating AI across assessment and reporting workflows.
- Independently lead and prioritize vendor security risk assessments across service types and integration profiles (including HIPAA, infrastructure, and applications) to verify contract and internal security policy compliance.
- Coordinate vendor information risk activities with procurement, legal, and business stakeholders, with a focus on SOC 2-dependent vendors.
- Partner with risk owners to design, negotiate, and track risk treatment plans to closure, prioritizing real risk reduction over check-the-box control work.
- Own risk reporting in OneTrust, ensuring remediation tracking and building/maintaining KRIs and KPIs.
- Build and improve assessment methodology and questionnaires based on NIST 800-53r5 and the NIST RMF; support internal assessments and external audits.
Requirements
- AI proficiency with the goal of improving accuracy and accelerating process improvement.
- 4–6 years leading vendor/third-party risk assessments (security, vendor, HIPAA, etc.) and managing identified risks to resolution (security assurance/assessments experience acceptable).
- Strong, practical command of risk and control concepts and GRC frameworks, including NIST RMF and NIST 800-53r5.
- Experience leading discussions with risk owners to develop, negotiate, and close out risk treatment plans.
- Hands-on experience with GRC/risk/compliance tooling such as OneTrust or Archer.
- Strong written and verbal communication skills and the ability to manage competing deadlines with limited oversight.
Nice to have
- Familiarity with AI/agentic systems and emerging AI governance frameworks (e.g., NIST AI RMF, ISO/IEC 42001).
- Relevant certifications such as CISA, CRISC, CISSP, or CCSP.
Culture & Benefits
- Health insurance (medical, dental, and vision) available within the first 12 months.
- Paid time off including vacation, sick leave, and flexible holiday days.
- 401(k) retirement plan with employer matching.
- Life and disability insurance and an Employee Assistance Program (EAP).
- Commuter and/or transit benefits (if applicable).
- Discretionary company bonus eligibility based on business results.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →