Logo for Ro

Sr. GRC Engineer

Role overview

Qualifications

  • 5+ years of combined experience across governance, risk, compliance, security engineering, or adjacent technical roles with hands-on experience in SOC 2, HIPAA, HITRUST, NIST, and PCI in technology-driven environments
  • 3+ years of ongoing compliance operations experience, with progression from manual evidence collection to automated, continuously monitored controls
  • 2+ years of hands-on experience implementing and administering continuous compliance and evidence automation platforms (e.g., Vanta, Drata, SecureFrame), including configuring and creating custom integrations and optimizing automated evidence workflows
  • Expertise using Looker (or similar BI tool such as HEX) to create dashboards, generate reports, and visualize GRC data for stakeholders

Responsibilities

  • Serve as both a risk practitioner and automation engineer and drive automated, continuous compliance
  • Own and maintain the compliance platform (Vanta), including control mapping, evidence collection, continuous monitoring, and audit workflows
  • Perform risk assessments, vendor security reviews, and control gap analyses, tracking remediation through to completion
  • Partner with Security, IT, Infrastructure, and Engineering teams to ensure controls align with documented policies and compliance requirements, and support audits (SOC 2, HIPAA, HITRUST)

About the company

Ro logo

Ro

Healthtech: Health + Technology

Ro is a direct-to-patient healthcare company providing high-quality, affordable healthcare without the need for insurance. Ro is the only company to seamlessly connect telehealth and in-home care, diagnostics, labs, and pharmacy services nationwide. This is enabled by Ro’s vertically integrated platform that powers a personalized, end-to-end healthcare experience from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has facilitated more than eight million digital healthcare visits in nearly every county in the United States, including 98% of primary care deserts. Ro also provides its patient-centric solutions including Workpath, its in-home care API, and Kit, its at-home diagnostic testing service, to other healthcare companies.

Company details

Company typeScaleup
IndustryHealthtech: Health + Technology
Company size201 - 500

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient, end-to-end healthcare experience spanning from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has helped millions of patients in nearly every single county in the United States, including 99% of primary care deserts.
 
Ro is consistently recognized as a top workplace in Health Care, in New York, and for Women and Parents—earning more than 20 honors from Fortune, Great Place to Work, and PEOPLE since 2021. In 2025 alone, we ranked top 5 among medium workplaces in Health Care and New York, and top 50 nationwide.

The Role:
The Governance Risk and Compliance Engineer role will be a core member of Ro’s GRC team. This is a remote, Individual Contributor role. The GRC team enables Ro to manage risk by vigorously assessing our operations against leading compliance frameworks and standing legislation. This individual contributor role will be a key player in both leading our audit readiness program while driving continuous compliance using leading AI and automation platforms..
 

What You’ll Do:
  • Serve as both a risk practitioner and automation engineer. Automate everything.
  • Own and maintain the compliance platform (Vanta), including control mapping, evidence collection, continuous monitoring, and audit workflows
  • Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion
  • Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks
  • Partner with Security, IT, Infrastructure, and Engineering teams to ensure technical and administrative controls align with documented policies and compliance requirements
  • Support internal and external audits (SOC 2, HIPAA, HITRUST)
  • Own and maintain the cyber risk register, collaborating with risk owners to quantify risks and develop remediation plans.
  • Develop and maintain risk reporting, metrics, and executive summaries with BI tools (Looker, Hex, etc)

  • What You’ll Bring to the Team:
  • 5+ years of combined experience across governance, risk, compliance, security engineering, or adjacent technical roles, including hands-on experience working with compliance frameworks such as SOC 2, HIPAA, HITRUST, NIST, and PCI in modern, technology-driven environments.
  • 3+ years of experience with ongoing compliance operations, with demonstrated progression from manual evidence collection to automated, continuously monitored controls.
  • 2+ years of hands-on experience implementing and administering continuous compliance and evidence automation platforms (e.g., Vanta, Drata, SecureFrame), including configuring and creating custom integrations as well as optimizing automated evidence workflows.
  • Working knowledge of cloud computing platforms (AWS, Azure, GCP) and how their native services and configurations support security and compliance requirements. 
  • Expertise in using Looker (or similar BI tool; HEX) to create dashboards, generate reports, and visualize GRC data for stakeholders, with a focus on simplifying complex data into actionable insights.
  • Ability to automate data ingestion, transformation, and reporting using scripting or programmatic approaches (e.g., Python, JavaScript, APIs, Tines.)
  • Strong analytical and root cause analysis skills
  • Kindness, and an ability to communicate to all levels of the organization

  • Bonus Points
  • Advanced GRC Automation & Engineering Mindset (custom automatons or workflows beyond out-of-the-box compliance tools)

  • We’ve Got You Covered:
  • Full medical, dental, and vision insurance + OneMedical membership
  • Healthcare and Dependent Care FSA
  • 401(k) with company match
  • Flexible PTO
  • Wellbeing + Learning & Growth reimbursements
  • Paid parental leave + Fertility benefits
  • Pet insurance
  • Student loan refinancing
  • Virtual resources for mindfulness, counseling, and fitness
  • The target base salary for this position ranges from $148,000 to $175,000, in addition to a competitive equity and benefits package (as applicable). When determining compensation, we analyze and carefully consider several factors, including location, job-related knowledge, skills and experience. These considerations may cause your compensation to vary.

    Ro recognizes the power of in-person collaboration, while supporting the flexibility to work anywhere in the United States. For our Ro’ers in the tri-state (NY) area, you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area, you will be able to join in-person collaborations throughout the year (i.e., during team on-sites).
     
    At Ro, we believe that our diverse perspectives are our biggest strengths — and that embracing them will create real change in healthcare. As an equal opportunity employer, we provide equal opportunity in all aspects of employment, including recruiting, hiring, compensation, training and promotion, termination, and any other terms and conditions of employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, familial status, age, disability and/or any other legally protected classification protected by federal, state, or local law.
     
    Ro is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and interview process. If you require a reasonable accommodation in the application or interview process, please contact us at talent@ro.co.
     
    See our California Privacy Policy here.

    Apply once. Then go straight to the hiring manager.

    After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

    MR

    Marcus Rivera

    Chief Revenue Officer

    m.rivera@company.com
    linkedin.com/in/marcusrivera
    Unlocked after you apply
    ·

    Related jobs

    Other jobs at Ro

    Premium

    Reach out to the hiring manager directly.

    Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

    • Full match report with fit score and gaps
    • Career diagnostics on how recruiters read you
    • Curated company matches and warm intros
    • 48h early access to new roles

    Cancel anytime.