Arcadia is dedicated to happier, healthier days for all. We transform diverse data into a unified fabric for health. Our platform delivers actionable insights for our customers to advance care and research, drive strategic growth, and achieve financial success. For more information, visit arcadia.io.
Why This Role Is Important to Arcadia
As Arcadia’s Sr. Governance, Risk, & Compliance (GRC) Engineer, you will ensure Arcadia maintains robust governance, risk, and compliance processes while leveraging technology to drive efficiencies. This role is central to implementing and maximizing Vanta’s capabilities, automating compliance workflows, and ensuring audit readiness. You will collaborate with teams across Arcadia to align compliance efforts with technical security and data protection requirements.
The Sr. GRC Engineer will be a member of the Enterprise Information Security Assurance team. This role will partner with teams throughout Arcadia to ensure technical security and data protection requirements are aligned with compliance requirements and consistently implemented. You will also support our annual compliance (e.g., SOC 2, ISO 27001, HITRUST) and customer audits.
What Success Looks Like
In 3 months
- Gain deep familiarity with Vanta and Arcadia’s existing GRC processes
- Support SOC 2, ISO 27001, and HITRUST audits by managing evidence gathering and automating controls using Vanta
- Begin scripting automation workflows for control testing and evidence gathering using AWS, scripting tools, and Vanta
- Develop an understanding of the vulnerability detection and remediation tracking process
- Develop, manage, and maintain a registry of cyber security risks
- Manage the risk acceptances and exceptions process
In 6 months
- Implement Vanta’s advanced features to automate at least 60% of control testing and evidence gathering
- Own and streamline vulnerability remediation tracking and reporting workflows
- Collaborate with cross-functional teams to develop and enhance Arcadia’s GRC processes
- Own Arcadia's trust portal
In 12 months
- Maintain audit readiness for SOC 2, ISO 27001, and HITRUST
- Manage ongoing compliance reporting and risk assessments using Vanta
- Drive continuous improvements in compliance workflows and processes, ensuring scalability and efficiency
- Increase automateof the evidence-gathering and continuance control monitoring to at least 80% of the for key compliance frameworks
- Assist in the reduction of time-to-remediation for identified vulnerabilities by at least 20%
- Reviewing security documentation on an annual basis
- Assist in the management of audit processes
- Manages evidence gathering for audits and assessments
What You'll Be Doing
- Implementing and managing Vanta to its fullest potential, automating compliance workflows, and evidence gathering
- Evaluating and integrating further APIs/integrations to enhance compliance management and reporting capabilities
- Developing and maintaining a registry of cybersecurity risks and controls
- Automating control testing using AWS, scripting, vendor’s APIs, and Vanta integrations
- Supporting annual compliance audits (HITRUST, ISO27001, SOC 2) and customer assessments (and the preparation for both). Leading evidence collection and documentation processes for internal and external audits
- Monitoring and reporting on compliance metrics and progress toward automation goals
- Coordinating, tracking IT and security-related audits that includes scope, timelines, and outcomes
- Staying current with emerging GRC technologies, standards, and best practices
- Supporting the Assurance team with ongoing compliance efforts related to SOC 2, ISO 27001, and HITRUST Certification; Along general state and federal healthcare, privacy, and security requirements
- Ensuring compliance with HIPAA, Healthcare IT, Medicare, and Medicaid requirements
- Ensuring compliance with Federal and State regulations / policies as they relate to healthcare privacy and security
- Managing the reporting and tracking of the remediation of vulnerabilities within Arcadia
- Updating processes and providing metrics on vulnerabilities to better resolve
- Assisting in the automation of reporting metrics for compliance posture and leadership visibility
- Providing the necessary compliance expertise required to ensure that applications and infrastructure are implemented in accordance with company compliance objectives
- Conducting detailed risk assessment and ensuring risks are mapped to appropriate controls
- Ensuring infrastructure and applications meet Arcadia’s security and privacy compliance objectives (as outlined in Policies and Procedures)
- Maintaining a matrix of client compliance requirements and performing regular compliance reviews
- Maintaining Arcadia's trust portal and managing access for existing, prospective customers
- Monitoring the implementation of any prescribed corrective actions resulting from client assessments
- Supporting the completion of privacy/security assessments and annual audits for customers/prospective customers
- Supporting any requests for information by any external authoritative agencies as required (e.g., assessors, auditors, investigators, etc.)
- Providing any requested input for the ongoing maturation and development of the compliance and governance strategies necessary to support the business planning process
- Maintaining currency and expertise with emerging trends in compliance and governance standards and technologies (both internal and external)
What You'll Bring
- Strong understanding of control frameworks (e.g., SOC 2, ISO 27001, HITRUST CSF, NIST 800-53, NIST CSF) and their implementation
- Experience using Vanta or similar GRC platforms
- Hands-on experience with scripting tools (e.g., Python, PowerShell) and cloud platforms (e.g., AWS)
- Experience automating compliance workflows using tools like Vanta, AWS, or scripting
- Excellent organizational and communication skills, with the ability to collaborate across teams
- Familiarity with HIPAA and other relevant healthcare and privacy regulations
- Proactive approach to problem-solving and continuous improvement
- At least 2-3 years of healthcare compliance experience
- Experience in vulnerability management or knowledge of the process
- Background in healthcare technology, EHR implementation, and healthcare compliance
- Ability to work independently
Would Love For You To Have
- 5-7 years of experience in GRC roles, including audit preparation and risk management
- Certifications such as CISA, CISSP, CISM, or equivalent
- Background in healthcare technology and familiarity with EHR systems
- Knowledge of securing network technologies, client, and server operating systems
- Management of regulatory, internal, or external audits, or experience as an auditor
- Strong understanding of HIPAA, Medicare, and Medicaid requirements
What You'll Get
- The opportunity to work for an amazing, fast-growing software company leveraging a highly scalable cloud platform
- You seek a fun culture that encourages you to speak up and fosters creative thinking
- You want to use your skills to make an impact on healthcare
- Support for your development, including support for obtaining and maintaining certifications
- Awesome work environment
- Competitive compensation
- Great benefits like flextime time off
- Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care
- A flexible, remote friendly company with personality and heart
- Employee driven programs and initiatives for personal and professional development
- Be a member of the Arcadian and Barkadian Community
About Arcadia
Arcadia.io helps innovative providers and payers across the country transform healthcare to reduce cost while improving patient health. We do this by aggregating large amounts of disparate data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as a market leader in the highly competitive population health management software market and have been recognized by industry analysts KLAS, IDC, Forrester, and Chilmark for our leadership. For a better sense of our brand and products, please explore our website.
Protect Yourself
If you have concerns about the authenticity of a job offer or recruitment-related communication claiming to be from Arcadia, we encourage you to verify by contacting us directly at (781) 202-3600 and select option 3. For more information, visit our website.
This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.
