Senior GRC Engineer

Biograph International, Inc

$150K — $200K *
Healthcare
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 6+ years in Security Engineering, GRC Engineering, DevOps, or Cloud Security roles
  • Experience building compliance programs in fast-paced startups
  • Strong understanding of HIPAA, SOC 2, and HITRUST
  • Hands-on with Google Cloud Platform (GCP) and best security practices
  • Scripting skills in Python or Bash with API experience
  • Experience with continuous compliance tools
  • Passionate about using technology to enhance healthcare

Responsibilities

  • Lead HIPAA compliance initiatives and security standard enforcement
  • Develop and implement compliance operations strategy and policies
  • Manage continuous compliance automation platforms integration
  • Automate evidence collection workflows to optimize compliance
  • Conduct internal risk assessments and threat modeling for cloud healthcare

Benefits

  • Equity in an early-stage company
  • Medical, dental, and vision insurance
  • 401(k) plan
  • Paid maternity/paternity leave
  • Unlimited PTO
  • Biograph Membership
Full Job Description
Biograph is looking for a founding GRC Engineer to help us mature and scale a modern, automation-first compliance program to secure our data-driven approach to preventative care.

Our small and nimble engineering team thrives on ownership and autonomy. We're building foundational systems with an eye toward scalability and an emphasis on best practices. We're looking for an "engineer-first" GRC practitioner who values product and communication as much as technical excellence. Joining this early provides a great opportunity to help shape our technical systems, security posture, and culture.

This is a hybrid role. Team members typically work in our Manhattan office ~3 days a week, with empathetic flexibility.

WHAT YOU WILL DO

We are building new impactful products and need to secure our infrastructure for the future. Your immediate mission will be to lead and advance our HIPAA compliance initiatives, ensuring rigorous security standards across our environment. You will have opportunities across our tech stack:
  • Build and Execute: Lead the strategy and execution of our HIPAA compliance operations, identifying technical gaps, authoring policies, and implementing required controls. Lay the architectural groundwork for upcoming SOC 2 and HITRUST certifications.
  • GRC Engineering & Automation: Own the implementation, configuration, and maintenance of continuous compliance automation platforms (e.g., Vanta, Drata, or Secureframe), integrating them deeply into our tech stack.
  • Infrastructure Integration: Design and build automated evidence collection workflows using scripts (Python, Go, or similar) to pull data from our GCP environment, identity providers, and SaaS tools. Partner with DevOps to embed compliance checks directly into CI/CD pipelines.
  • Risk & Governance: Replace manual audits with Continuous Control Monitoring (CCM). Conduct internal risk assessments and threat modeling tailored to cloud-native, health care environments.
WHAT YOU BRING TO THE ROLE
  • 6+ years of professional experience in Security Engineering, GRC Engineering, DevOps, or Cloud Security roles.
  • Experience building, scaling, and modernizing compliance programs in fast-paced startup environments.
  • Deep, practical understanding of HIPAA requirements and how to map them to technical cloud controls. Strong working knowledge of SOC 2 and HITRUST.
  • Hands-on expertise with Google Cloud Platform (GCP) architecture, IAM, logging, and security best practices.
  • Strong programming/scripting skills (e.g., Python, Bash) and experience working with REST APIs to automate evidence gathering.
  • Proven experience implementing and maximizing modern continuous compliance tooling.
  • Excited about applying technology to improve healthcare.
EXCEPTIONAL LOOKS LIKE
  • Experience or familiarity with FedRAMP (Moderate/High), Infrastructure as Code (Terraform), or previous experience in the BioTech/HealthTech industry.
COMP | PERKS | BENEFITS
  • $150,000 - $200,000 per year
  • Equity in an early stage company
  • Medical, dental, and vision insurance
  • 401(k)
  • Paid maternity / paternity leave
  • Unlimited PTO
  • Biograph Membership

Similar Jobs

More Jobs at Biograph International, Inc

More Healthcare Jobs

Find similar Senior GRC Engineer jobs: