Job Description

Job Summary

As a member of the Digital Technology Risk Assurance team, the Sr. Engineer for Governance, Risk, and Compliance (GRC) Administration will own and manage the technical foundation of our risk management program. This role is responsible for the administration, configuration, and continuous improvement of the Governance, Risk, and Compliance (GRC) platform, which is critical for identifying, assessing, and managing technology risks across the organization.

Serving as a subject matter expert for the GRC platform, the Sr. Engineer will translate the organization's risk management strategy into actionable workflows, automated processes, and robust technical solutions. Key responsibilities include designing and maintaining automated risk posture monitoring, engineering remediation tracking workflows, and developing dynamic dashboards and reports directly within the GRC platform and working with key process stakeholders.

Essential Functions

Administer and Maintain GRC Platforms Configure, manage, and support the GRC platform, including underlying database management, ensuring role-based access controls, data integrity, system performance, and successful integration with third-party tools. Lead GRC Projects and Custom Development Manage project milestones for GRC initiatives, lead peer discussions, and execute custom application and API development using various frameworks to meet security and compliance objectives. Ensure Ongoing Optimization of GRC System Design and Support Continuously collaborate with stakeholders to assess requirements, create process documentation, evaluate GRC tools, and refine system architecture to ensure alignment with cybersecurity, healthcare compliance standards, and evolving business needs. Manage Platform Implementation and Migration Lead or support efforts for system onboarding, data migration, and process mapping when transitioning from legacy systems to new platforms. Ensure Compliance and Support Audits Align GRC platforms with frameworks such as NIST CSF, PCI DSS, and healthcare standards (HIPAA, HITRUST), providing data and reports during audits and regulatory assessments. Drive Automation and Process Improvement Automate GRC processes including risk assessments, policy attestations and exceptions, and vendor management to enhance efficiency and reduce manual efforts. Define Standards and Oversee Change Management Establish documentation, configuration, and change management standards for system updates, implementations, and ongoing development in alignment with enterprise change control policies. Provide Expert Guidance and User Support Act as the technical point of contact for GRC tool users, offer troubleshooting expertise, and guide internal teams on system capabilities that support enterprise risk and policy governance.

Required Experience: 

Bachelor’s degree in Information Technology, Cybersecurity, or related field (or equivalent experience). 5+ years of experience in GRC platform administration or engineering. Strong understanding of GRC processes such as risk assessments, compliance management, and policy lifecycle. Experience in healthcare IT or a highly regulated industry. Experience in configuring GRC tools and developing process automations using scripting, APIs, workflows, or orchestration tools. Expertise in process analysis, improvement, and application administration Excellent problem-solving, critical thinking, and research skills Effective verbal, written, and technical communication Ability to lead cross-functional training and support initiatives Productivity suite software required