Назад
Company hidden
2 дня назад

Risk & Compliance Engineer

82 000 - 97 000$
Тип работы
fulltime
Английский
b2
Страна
US
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Risk & Compliance Engineer (GRC/Vendor Risk): Lead end-to-end vendor security risk assessments and enhance a vendor risk program with an accent on AI-driven accuracy improvements, control effectiveness evaluation, and quantifying business risk. Focus on building KRIs/KPIs and assessment methodology in OneTrust using NIST RMF and NIST 800-53r5, while embedding security-by-design and supporting internal assessments and external audits.

Location: Newark, New Jersey, United States

Salary: $82,000 - $97,000

Company

hirify.global provides trusted health information and health information services through online portals and digital products.

What you will do

  • Continuously improve vendor risk management by integrating AI across assessment and reporting workflows.
  • Independently lead and prioritize vendor security risk assessments across service types and integration profiles (including HIPAA, infrastructure, and applications) to verify contract and internal security policy compliance.
  • Coordinate vendor information risk activities with procurement, legal, and business stakeholders, with a focus on SOC 2-dependent vendors.
  • Partner with risk owners to design, negotiate, and track risk treatment plans to closure, prioritizing real risk reduction over check-the-box control work.
  • Own risk reporting in OneTrust, ensuring remediation tracking and building/maintaining KRIs and KPIs.
  • Build and improve assessment methodology and questionnaires based on NIST 800-53r5 and the NIST RMF; support internal assessments and external audits.

Requirements

  • AI proficiency with the goal of improving accuracy and accelerating process improvement.
  • 4–6 years leading vendor/third-party risk assessments (security, vendor, HIPAA, etc.) and managing identified risks to resolution (security assurance/assessments experience acceptable).
  • Strong, practical command of risk and control concepts and GRC frameworks, including NIST RMF and NIST 800-53r5.
  • Experience leading discussions with risk owners to develop, negotiate, and close out risk treatment plans.
  • Hands-on experience with GRC/risk/compliance tooling such as OneTrust or Archer.
  • Strong written and verbal communication skills and the ability to manage competing deadlines with limited oversight.

Nice to have

  • Familiarity with AI/agentic systems and emerging AI governance frameworks (e.g., NIST AI RMF, ISO/IEC 42001).
  • Relevant certifications such as CISA, CRISC, CISSP, or CCSP.

Culture & Benefits

  • Health insurance (medical, dental, and vision) available within the first 12 months.
  • Paid time off including vacation, sick leave, and flexible holiday days.
  • 401(k) retirement plan with employer matching.
  • Life and disability insurance and an Employee Assistance Program (EAP).
  • Commuter and/or transit benefits (if applicable).
  • Discretionary company bonus eligibility based on business results.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →