Security Engineer, GRC

Ivy Rehab$90K — $120K *
US-AnywhereRemote in Philadelphia, PA
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3-5 years of experience in Cybersecurity, focusing on GRC or third-party risk management.
  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field.
  • Excellent communication, collaboration, and problem-solving skills.
  • Relevant certifications like CISSP, CISM; additional certifications like CISA or CRISC are advantageous.
  • Desired experience includes NOC/SOC roles.
  • Strong grasp of security frameworks like NIST CSF, HIPAA, and HITRUST.
  • Proficient in analyzing vendor security documentation and using GRC platforms.

Responsibilities

  • Lead the design and improvement of the GRC framework and security architecture.
  • Author and enforce information security policies and control frameworks.
  • Automate compliance tracking and risk reporting workflows.
  • Ensure compliance with industry standards and facilitate security assessments.
  • Oversee the third-party risk assessment process and evaluate vendor security postures.
  • Communicate vendor risks and negotiate security safeguards with stakeholders.
  • Manage the Data Loss Prevention (DLP) solution and triage data alerts.
  • Drive the security awareness training strategy and measure its effectiveness.
  • Provide support to SOC operations and improve incident response workflows.

Benefits

  • Primarily remote position with occasional travel requirements for collaboration and team building.
Full Job Description
State of Location:
Pennsylvania

Position Summary:

The Security Engineer will manage, scale, and automate our Governance, Risk, and Compliance (GRC) program supporting an organization of 7,500+ teammates across 750+ locations. This role focuses on building security policies, automating compliance workflows, and conducting third-party vendor risk assessments. Additionally, you will provide secondary engineering and analytical support to optimize our MSSP relationship, triage alerts, and refine SOC use cases.

This role is primarily remote, with occasional travel required for projects, collaboration, and team building.

Job Description:

Responsibilities:
  • Lead the design, rollout, and continuous improvement of the internal GRC framework and security architecture.
  • Author, maintain, and help enforce information security policies, procedures, and control frameworks across the business.
  • Identify opportunities to automate compliance tracking, evidence collection, and risk reporting workflows to eliminate manual processes.
  • Ensure organizational alignment with industry standards (e.g., NIST CSF, HIPAA, HITRUST) and facilitate internal or external security assessments.
  • Own the end-to-end third-party risk assessment process; evaluate vendor security postures, SOC 2 reports, and risk profiles prior to onboarding.
  • Partner with legal, procurement, and business stakeholders to communicate vendor risks and negotiate necessary security safeguards.
  • Manage and monitor the Data Loss Prevention (DLP) solution; triage data exfiltration alerts and partner with business units to implement, enforce, and refine data classification schemas
  • Drive the security awareness training strategy; oversee automated phishing campaigns, measure program effectiveness, and deliver tailored education to mitigate human risk.
  • Provide secondary support to SOC operations by validating alert triage and improving detection logic
  • Collaborate to improve SIEM/SOC use cases, detection logic, and incident response workflows.


Qualifications:
  • Minimum 3-5 years of experience in Cybersecurity, with a focus on GRC or third-party risk management.
  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field.
  • Excellent communication, collaboration, and problem-solving skills
  • Relevant security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM).
    • GIAC certifications, Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) are a plus.
  • Former NOC/SOC experience is highly desired.
  • Deep understanding of security frameworks and standards such as NIST CSF, HIPAA, HITRUST.
  • Proven ability to analyze vendor security documentation (SOC 2 Type II, SIG questionnaires, penetration test reports).
  • Experience utilizing GRC platforms (e.g., SmartSuite, Archer, ServiceNow GRC, or similar), low-code/no-code platforms, or scripting to automate security processes and compliance mapping.
  • Excellent communication and collaboration abilities - able to explain complex risk concepts to non-technical stakeholders and work cross-functionally to drive security initiatives.


We are an equal opportunity employer, committed to diversity and inclusion in all aspects of the recruiting and employment process. Actual salaries depend on a variety of factors, including experience, specialty, education, and organizational need. Any listed salary range or contractual rate does not include bonuses/incentive, differential pay, or other forms of compensation or benefits.

ivyrehab.com

About Ivy Rehab

Ivy Rehab Careers

There has never been a better time to join the dynamic team at Ivy Rehab—the leading network of therapy providers dedicated to enhancing physical performance and wellness.

Work You’ll Do

Join Ivy Rehab's top-tier team to assist individuals in overcoming physical challenges and achieving personal health goals. At Ivy Rehab, the focus is on leveraging innovation in therapy to transform patient care and wellness practices. Lead in a unique role within the healthcare industry, at the crossroads of clinical expertise, leadership, and innovative health solutions. Engage with a professional team of healthcare specialists to guide patients through their rehabilitation journey. Collaborate with the most skilled therapists and healthcare professionals in the industry, dedicated to advancing physical therapy and patient care.

Introducing the Ivy Rehab Network

The network is expanding its market-leading team to assist more patients and communities in mastering their health and rehabilitation goals with cutting-edge treatments and compassionate care.

Do Innovative Work

Join the largest group of therapy experts—dedicated professionals at the forefront of healthcare innovation and patient-centric solutions.

Drive Innovative Healthcare

Deliver targeted healthcare solutions through a depth and breadth of clinical experience and innovation that’s second to none.

Be Part of a Great Team

Work with a wide-ranging group of therapy technologies and harness the unparalleled capabilities, national scale, and joint solution development of a leading healthcare team.

Future-proof Your Career

Advance as far as your ambition takes you with limitless opportunities to grow your career, supported by unmatched training, development, and certification programs.

Explore

Discover how Ivy Rehab is leading the way in patient care: [With innovative therapy techniques] Ivy Rehab helps patients achieve better outcomes... A new program at Ivy Rehab introduces advanced methods for patient care and wellness.

The Ivy Rehab Network

The combined service capabilities, national reach, and joint solution development help patients overcome challenges and lead healthier lives. Patients across the nation turn to Ivy Rehab for innovative strategies and healthcare solutions to drive recovery and wellness in the modern healthcare landscape. Bringing together dedicated professionals, Ivy Rehab Network empowers individuals to thrive in their personal health journeys.

Stay Connected

Join the Team

Search open positions that match your skills and interests. Ivy Rehab looks for passionate, curious, creative, and solution-driven team players. SEARCH IVY REHAB JOBS

Keep Up to Date

Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the people who work at Ivy Rehab.

READ CAREERS BLOG

Job Alert Emails

Personalize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Explore what exciting and rewarding opportunities await in the fields of physical therapy and patient care.
Learn more about Ivy Rehab
Industry

Similar Jobs

More Jobs at Ivy Rehab

More Information Technology Jobs

Find similar Security Engineer, GRC jobs: