
Sr Engineer, GRC (Audit & Compliance)

Key Facts

Remote From: 
Full time
Senior (5-10 years)
English

Other Skills

  • Ability To Meet Deadlines
  • Communication
  • Analytical Skills
  • Multitasking
  • Teamwork
  • Organizational Skills
  • Prioritization
  • Problem Solving

Roles & Responsibilities

  • Lead the organization’s audit and compliance programs and own the end-to-end audit lifecycle across SOC 2, HITRUST, PCI DSS, HIPAA, and NIST CSF.
  • Act as primary liaison between internal stakeholders and external auditors to ensure audit readiness, evidence management, remediation tracking, and a sustained compliance posture.
  • Manage and optimize GRC tooling and integrations (phishing/training platforms, GRC/IT Risk, TPRM, Risk Register, privacy management) and serve as system administrator for selected tools.
  • Collaborate with IT and security teams to collect data, align GRC with enterprise controls (IAM, PAM, MFA, RBAC, SSO, DLP, SIEM, XDR), and support data analysis, dashboards, and reporting; stay current with regulatory changes.

Requirements:

  • Bachelor's degree in Computer Science or a related field, or equivalent experience; 4-6 years of relevant GRC/security engineering experience.
  • Hands-on experience with security technologies and GRC tools (IAM, PAM, MFA, RBAC, SSO, DLP, SIEM, XDR) and with risk management processes.
  • Familiarity with governance and risk management frameworks such as COSO, NIST CSF, RMF, ISO, and COBIT.
  • Professional information security certifications (CISA, CISSP, CISM, CRISC, CEH, GIAC) or ability to obtain one within 18 months; HITRUST CSF knowledge.

Job Description:

The Sr. Engineer, Governance, Risk & Compliance (Audit & Compliance) is responsible for leading the organization’s audit and compliance programs, ensuring continuous alignment with regulatory, contractual, and security framework requirements.
This role owns the end-to-end audit lifecycle, including planning, readiness, evidence management, auditor coordination, and remediation tracking across frameworks such as SOC 2, HITRUST, PCI DSS, HIPAA, and NIST CSF. The individual will act as the primary liaison between internal stakeholders and external auditors, ensuring audit readiness and sustained compliance posture.
This position operates as a senior individual contributor responsible for driving compliance execution, maintaining control frameworks, and leveraging GRC tools to enable scalable and efficient compliance operations.

  • Leverage tools and technology to support Information Security audit, compliance, and GRC initiatives across the Information Security Program
  • Act as system administrator for certain security or GRC tools such as phishing and training platforms, GRC/IT Risk Management tools, Third Party Risk Management (TPRM) platforms, Risk Register, privacy management, etc.
  • Integrate related tools and workflows with other systems as needed.
  • Engage with internal stakeholders and security vendors on design sessions, and help configure and optimize GRC solutions and compliance workflows.
  • Work with IT partners in Application Security, Security Engineering and Operations, Enterprise Applications, Desktop Support, Help Desk, Networking and Infrastructure Operations, and with Information Security teams, to obtain the security and operational data needed to support GRC work and audit, compliance, and risk assessment activities.
  • Work with IT teams and partners to align GRC objectives with enterprise security controls and operational processes including cybersecurity / technology solutions such as IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPS, XDR, MDM, SIEM, etc.
  • Support data analysis, metrics, dashboards and reporting activities by pulling data from source systems.
  • Stay current with evolving regulatory requirements, compliance frameworks, industry trends, threat intelligence and make recommendations for process and control improvements.
  • Participate in security incidents and support related audit, compliance and remediation activities as needed.
  • Support customer security assessment requests and HITRUST, SOC 2, and similar assessments by pulling the appropriate data as needed.
  • Work with IT partners to align GRC requirements with operational processes such as secure software development life cycle, software engineering, infrastructure, network, etc.
  • Maximize the utilization of GRC tools and technology to improve program efficiency and audit readiness
  • Assist with the development and maintenance of policies, procedures and compliance documentation.
  • Stay current with changes in information security and cybersecurity regulations, industry frameworks, and best practices, and apply them to existing NextGen GRC solutions and processes.
  • Use GRC and security engineering skills to help streamline or automate NextGen methodology for maintaining accreditations or certifications (e.g., SOC 2, HITRUST, etc.).
  • Use GRC and security engineering skills to help streamline or automate NextGen methodology for responding to customer security assessments or questionnaires.

Education Required:

  • Bachelor's Degree in Computer Science or related discipline or advanced degree.
  • Or, any combination of education and experience which would provide the required qualifications for the position.

Experience Required:

  • 4-6 years of relevant experience, or an advanced degree.
  • GRC/Security engineering experience, including supporting information security or cybersecurity solutions.
  • Experience working with security technology, GRC tools, or processes such as phishing campaigns, vulnerability scans, incident response plans (IRPs), playbooks, IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPS, XDR, MDM, SIEM, threat hunting, etc.
  • Experience with one or more of the following frameworks: COSO, NIST CSF, RMF, ISO, COBIT.
  • Experience working in an environment subject to one or more of the following: Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), AICPA System and Organization Controls 2 (SOC 2), Payment Card Industry (PCI), or related GRC frameworks.
  • Experience working with IT partners and adequate exposure to their areas such as SSDLC, software engineering, infrastructure, networking, service desk, desktop support, security operations, etc. This includes experience or sufficient exposure and familiarity with the tools they use.

License/Certification Required:

  • Information security or cybersecurity related certifications such as CISA, CISSP, CISM, CRISC, CEH, GIAC (GCFA), or ability to acquire certification within 18 months.
  • Knowledge of the HITRUST CSF framework and its certification process; experience with Governance, Risk and Compliance tools.

Knowledge, Skills & Abilities:

  • Knowledge of: GRC, information security, and cybersecurity principles; phishing campaigns; cybersecurity awareness and training; risk assessments; risk registers; security events and incidents; security frameworks, standards, guidelines, and controls; federal and state security regulations and trends; current cybersecurity threats; data protection; administrative, technical, and physical security controls; third party risk management (TPRM). IT/security processes or tools such as IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPS, XDR, MDM, SIEM, incident response plans (IRPs), backups, DR & BCP, playbooks, MSP or MSSP, MDR, 24x7 SOC, endpoint security, vulnerability scans, patching, pen testing, red/blue/purple teaming, tabletop exercises, encryption at rest and in transit, networking, firewalls, infrastructure, colo data centers, hosted environments such as Azure, AWS, or Google Cloud, and Active Directory.
  • Skill in: Information security, cybersecurity, GRC processes, audit and compliance activities, and a working understanding of code and scripts; working as a member of a team; communicating effectively; establishing and maintaining effective working relationships.
  • Ability to: Determine how a system should work and how changes in conditions, operations, and the environment will affect outcomes; work in a fast-paced environment; stay organized, prioritize workload, multi-task, and meet deadlines.

The company has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the company reserves the right to change this job description and/or assign tasks for the employee to perform, as the company may deem appropriate.

NextGen Healthcare is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
