Senior Security Engineer - Compliance and Risk
K Health | New York, NY | Posted 11 April 2026
Job Description
About the role:
We are seeking a detail-oriented, proactive Security Compliance Engineer to join our Security team.
In this role, you will not just check boxes; you will own the governance and compliance lifecycle for critical security programs and, in many cases, be actively involved in implementation and remediation. You will ensure that our vulnerability management, privacy, data retention, and business continuity efforts meet the rigorous standards of SOC 2, HIPAA, and HITRUST, protecting our sensitive healthcare data and maintaining trust with our partners.
What you will do:
Vulnerability Management Governance
Oversee the compliance aspect of the vulnerability management program, ensuring scans and remediation efforts adhere to SLAs.
Track and report on remediation timelines to ensure evidence is audit-ready.
Collaborate with engineering and IT teams to validate that exceptions are documented, risk-accepted, and reviewed periodically.
Manage and handle “tracking technologies” to comply with partner requirements.
Privacy and Data Governance
Manage adherence to internal privacy policies and external regulations (HIPAA, State Laws, CCPA).
Manage adherence to partner-specific health system requirements.
Monitor data retention schedules to ensure data is stored, archived, and purged in accordance with policy and legal requirements.
Conduct periodic privacy impact assessments (PIAs) for new products or features.
Disaster Recovery (DR) and Business Continuity (BCP)
Coordinate annual or bi-annual DR/BCP table-top exercises and technical tests.
Maintain and update DR/BCP documentation, ensuring contact lists and recovery procedures are current.
Review post-mortem reports from tests to ensure continuous improvement and compliance with availability trust principles.
Audit Framework Management (SOC 2 and HITRUST)
Serve as a primary point of contact for external auditors during SOC 2 and HITRUST assessments.
Collect, organize, and review evidence on the controls for the programs above.
Identify compliance gaps and drive remediation projects before external audits begin.
AI/ML in healthcare and emerging federal and state AI regulations
What we're looking for:
Experience: 3-5+ years of experience in Information Security, Governance, Risk, Vulnerability Management, Compliance (GRC), or IT Audit.
Program Management: Proven experience managing specific compliance verticals like vulnerability management or business continuity.
Communication: Ability to translate compliance requirements into actionable technical tasks for engineering teams.
Organization: Exceptional documentation skills—you understand that "if it isn't written down, it didn't happen."
Influence: Ability to drive consensus and compliance across teams without direct management authority.
Benefits and Perks:
Hybrid work schedule with weekly lunches and stocked fridges
Monthly social committees for company events
18 vacation days, 9 company holidays, 5 sick days, and 2 personal days
Stock options for every full-time employee
Paid parental leave
401k benefit
Commuter Benefits
Competitive health, dental, and vision insurance options
Compensation:
$150,000 - $185,000 USD
Who We Are:
Behind every leading health system is K Health’s AI-powered virtual care engine.
Esteemed health systems like Mayo Clinic, Cedars-Sinai, Mass General Brigham, Hackensack Meridian Health, and Hartford Healthcare partner with K Health to build and run modern primary virtual care clinics on their behalf.
Our deeply integrated model modernizes the primary care loop by using AI to put humans first. For our patients, we offer clinical AI (i.e., PatientGPT) and unparalleled access to close care gaps around the clock. For our Providers, we deliver provider-serving agentic solutions (i.e., Perfect Note) to eliminate administrative overload and burnout. And for the health systems, we deploy our top-grade Virtualists in AI-powered virtual clinics 24/7 to capture the patie ...