Staff Engineer, GRC

Staff Engineer, GRC ABOUT OPENLOOP OpenLoop was co-founded by CEO, Dr. Jon Lensing, and COO, Christian Williams, with the vision to bring care anywhere. Our telehealth support solutions are thoughtfully designed to streamline and simplify go-to-market care delivery for companies offering meaningful virtual support to patients across an expansive array of specialties, in all 50 states. ABOUT THE ROLE OpenLoop's mission is to bring care anywhere by powering tele-health solutions at scale. The Security Governance, Risk, and Compliance (GRC) team builds the guardrails that let OpenLoop move fast while managing risk — enterprise risk management, security compliance, third-party risk, business resilience, and AI governance. We are hiring a GRC Engineer to sit at the intersection of security governance and technical automation. You will build the systems, integrations, and automated workflows that power OpenLoop's GRC program — from continuous evidence collection and control testing in Vanta, to AI governance operations supporting our AI Governance Council, to the business intelligence dashboards that give security leadership and the broader security organization real-time visibility into posture, risk, and program health. WHAT YOU'LL DO: - Design, build, and maintain automated evidence collection and continuous control testing workflows in Vanta and supporting tools. - Develop and operate GRC automation pipelines using Claude Code and similar AI-assisted development tools — writing scripts, building integrations, and eliminating manual compliance processes at speed. - Build and maintain business intelligence dashboards and metrics reporting for the Security GRC team and broader security organization — including security posture, issue tracking, exception management, risk trends, and program delivery metrics. - Develop integrations between GRC platforms, cloud environments (AWS, GCP), identity providers, and business systems to automate compliance data flows. - Operationalize the AI Governance Council's review process — build intake workflows, risk assessment tooling, and tracking for AI use case governance. - Develop and maintain AI risk assessment frameworks and guardrails aligned to NIST AI RMF, ISO 42001, and emerging regulatory requirements. - Support SOC 2 Type II, HITRUST, HIPAA SRA/PRA, and other audit and assurance activities, through automated evidence preparation and control documentation. - Write scripts and build tooling (Python, APIs, workflow platforms, AI-assisted coding tools) to reduce cycle time and focus on scaling - Maintain and improve the control framework — map controls to obligations, identify gaps, and automate testing where possible. - Partner with SecOps, IT, Privacy, and Engineering teams to integrate GRC requirements into their toolchains and workflows. - Support enterprise risk management activities including risk register maintenance, KRI automation, and risk reporting. - Define and track key metrics across the security organization — translating raw data into executive-ready insights that drive decisions and demonstrate program maturity. - Other duties as assigned. WHO YOU ARE Required Qualifications - 5+ years of combined experience in GRC, security engineering, or compliance automation, with demonstrated ability to build automated workflows and integrations. - Experienced cloud security engineer that has moved into governance, believing that in automated GRC best practices - Hands-on experience automating GRC workflows using Claude Code or similar AI-assisted development tools (e.g., Cursor, GitHub Copilot). Must be able to demonstrate practical AI-assisted automation work. - Hands-on experience with GRC platforms, preferably Vanta. Ability to configure, customize, and extend platform capabilities. - Proficiency in Python scripting and REST API integration for evidence collection, data transformation, and workflow automation. - Strong business intelligence and data visuali ... (truncated, view full listing at source)