[Remote] Security Engineer, GRC
Note: The job is a remote job and is open to candidates in the USA. Ivy Rehab Network is a leading organization in physical therapy and rehabilitation services, and they are seeking a Security Engineer to manage and enhance their Governance, Risk, and Compliance (GRC) program. The role involves creating security policies, automating compliance workflows, and conducting vendor risk assessments while supporting a large team across multiple locations.
Responsibilities
- Lead the design, rollout, and continuous improvement of the internal GRC framework and security architecture
- Author, maintain, and help enforce information security policies, procedures, and control frameworks across the business
- Identify opportunities to automate compliance tracking, evidence collection, and risk reporting workflows to eliminate manual processes
- Ensure organizational alignment with industry standards (e.g., NIST CSF, HIPAA, HITRUST) and facilitate internal or external security assessments
- Own the end-to-end third-party risk assessment process; evaluate vendor security postures, SOC 2 reports, and risk profiles prior to onboarding
- Partner with legal, procurement, and business stakeholders to communicate vendor risks and negotiate necessary security safeguards
- Manage and monitor the Data Loss Prevention (DLP) solution; triage data exfiltration alerts and partner with business units to implement, enforce, and refine data classification schemas
- Drive the security awareness training strategy; oversee automated phishing campaigns, measure program effectiveness, and deliver tailored education to mitigate human risk
- Provide secondary support to SOC operations by validating alert triage and improving detection logic
- Collaborate to improve SIEM/SOC use cases, detection logic, and incident response workflows
Skills
- Minimum 3-5 years of experience in Cybersecurity, with a focus on GRC or third-party risk management
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field
- Relevant security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
- Deep understanding of security frameworks and standards such as NIST CSF, HIPAA, HITRUST
- Proven ability to analyze vendor security documentation (SOC 2 Type II, SIG questionnaires, penetration test reports)
- Experience utilizing GRC platforms (e.g., SmartSuite, Archer, ServiceNow GRC, or similar), low-code/no-code platforms, or scripting to automate security processes and compliance mapping
- Excellent communication, collaboration, and problem-solving skills: able to explain complex risk concepts to non-technical stakeholders and work cross-functionally to drive security initiatives
- GIAC certifications
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Former NOC/SOC experience
Benefits
- Eligibility for the full benefits package beginning within your first month of employment
- Generous PTO (Paid Time Off) plans and paid holidays