Arcadia is dedicated to happier, healthier days for all. We transform diverse data into a unified fabric for health. Our platform delivers actionable insights for our customers to advance care and research, drive strategic growth, and achieve financial success. For more information, visit arcadia.io. Why This Role Is Important to Arcadia As Arcadia’s Sr. Governance, Risk, & Compliance (GRC) Engineer, you will ensure Arcadia maintains robust governance, risk, and compliance processes while leveraging technology to drive efficiencies. This role is central to implementing and maximizing Vanta’s capabilities, automating compliance workflows, and ensuring audit readiness. You will collaborate with teams across Arcadia to align compliance efforts with technical security and data protection requirements. The Sr. GRC Engineer will be a member of the Enterprise Information Security Assurance team.  This role will partner with teams throughout Arcadia to ensure technical security and data protection requirements are aligned with compliance requirements and consistently implemented. You will also support our annual compliance (e.g., SOC 2, ISO 27001, HITRUST) and customer audits. What Success Looks Like In 3 months - Gain deep familiarity with Vanta and Arcadia’s existing GRC processes - Support SOC 2, ISO 27001, and HITRUST audits by managing evidence gathering and automating controls using Vanta - Begin scripting automation workflows for control testing and evidence gathering using AWS, scripting tools, and Vanta - Develop an understanding of the vulnerability detection and remediation tracking process - Develop, manage, and maintain a registry of cyber security risks - Manage the risk acceptances and exceptions process In 6 months - Implement Vanta’s advanced features to automate at least 60% of control testing and evidence gathering - Own and streamline vulnerability remediation tracking and reporting workflows - Collaborate with cross-functional teams to develop and enhance Arcadia’s GRC processes - Own Arcadia's trust portal In 12 months - Maintain audit readiness for SOC 2, ISO 27001, and HITRUST - Manage ongoing compliance reporting and risk assessments using Vanta - Drive continuous improvements in compliance workflows and processes, ensuring scalability and efficiency - Increase automateof the evidence-gathering and continuance control monitoring to at least  80% of the for key compliance frameworks - Assist in the reduction of time-to-remediation for identified vulnerabilities by at least 20% - Reviewing security documentation on an annual basis - Assist in the management of audit processes - Manages evidence gathering for audits and assessments What You'll Be Doing

Implementing and managing Vanta to its fullest potential, automating compliance workflows, and evidence gathering

Evaluating and integrating further APIs/integrations to enhance compliance management and reporting capabilities

Developing and maintaining a registry of cybersecurity risks and controls

Automating control testing using AWS, scripting, vendor’s APIs, and Vanta integrations

Supporting annual compliance audits (HITRUST, ISO27001, SOC 2) and customer assessments (and the preparation for both). Leading evidence collection and documentation processes for internal and external audits

Monitoring and reporting on compliance metrics and progress toward automation goals

Coordinating, tracking IT and security-related audits that includes scope, timelines, and outcomes

Staying current with emerging GRC technologies, standards, and best practices

Supporting the Assurance team with ongoing compliance efforts related to SOC 2, ISO 27001, and HITRUST Certification; Along general state and federal healthcare, privacy, and security requirements

Ensuring compliance with HIPAA, Healthcare IT, Medicare, and Medicaid requirements

Ensuring compliance with Federal and State regulations / policies as they relate to healthcare privacy and security

Managing the reporting and tracking of the remediation of vulnerabilities within Arcadia

Updating processes and providing metrics on vulnerabilities to better resolve

Assisting in the automation of reporting metrics for compliance posture and leadership visibility

Providing the necessary compliance expertise required to ensure that applications and infrastructure are implemented in accordance with company compliance objectives

Conducting detailed risk assessment and ensuring risks are mapped to appropriate controls

Ensuring infrastructure and applications meet Arcadia’s security and privacy compliance objectives (as outlined in Policies and Procedures)

Maintaining a matrix of client compliance requirements and performing regular compliance reviews

Maintaining Arcadia's trust portal and managing access for existing, prospective customers

Monitoring the implementation of any prescribed corrective actions resulting from client assessments

Supporting the completion of privacy/security assessments and annual audits for customers/prospective customers

Supporting any requests for information by any external authoritative agencies as required (e.g., assessors, auditors, investigators, etc.)

Providing any requested input for the ongoing maturation and development of the compliance and governance strategies necessary to support the business planning process

Maintaining currency and expertise with emerging trends in compliance and governance standards and technologies (both internal and external)

What You'll Bring

Strong understanding of control frameworks (e.g., SOC 2, ISO 27001, HITRUST CSF, NIST 800-53, NIST CSF) and their implementation

Experience using Vanta or similar GRC platforms

Hands-on experience with scripting tools (e.g., Python, PowerShell) and cloud platforms (e.g., AWS)

Experience automating compliance workflows using tools like Vanta, AWS, or scripting

Excellent organizational and communication skills, with the ability to collaborate across teams

Familiarity with HIPAA and other relevant healthcare and privacy regulations

Proactive approach to problem-solving and continuous improvement

At least 2-3 years of healthcare compliance experience

Experience in vulnerability management or knowledge of the process

Background in healthcare technology, EHR implementation, and healthcare compliance

Ability to work independently

Would Love For You To Have

5-7 years of experience in GRC roles, including audit preparation and risk management

Certifications such as CISA, CISSP, CISM, or equivalent

Background in healthcare technology and familiarity with EHR systems

Knowledge of securing network technologies, client, and server operating systems

Management of regulatory, internal, or external audits, or experience as an auditor

Strong understanding of HIPAA, Medicare, and Medicaid requirements

What You'll Get

The opportunity to work for an amazing, fast-growing software company leveraging a highly scalable cloud platform

You seek a fun culture that encourages you to speak up and fosters creative thinking

You want to use your skills to make an impact on healthcare

Support for your development, including support for obtaining and maintaining certifications

Awesome work environment

Competitive compensation

Great benefits like flextime time off

Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care

A flexible, remote friendly company with personality and heart

Employee driven programs and initiatives for personal and professional development

Be a member of the Arcadian and Barkadian Community