United States onlyAs a Security Engineer II on the Governance, Risk, and Compliance (GRC) team, you will be the primary engine driving our Security Questionnaire and Trust Assessment program. This is a critical role where you act as the bridge between our security posture and our external partners.
You will lead the end-to-end process for inbound security assessments from our healthcare partners and outbound assessments of our vendor ecosystem. You will translate Aledade’s complex technical architecture into clear, compliant, and persuasive responses that demonstrate our commitment to HIPAA, HITRUST, and NIST standards.
Primary Duties:
- Customer Trust & Enablement: Manage the end-to-end lifecycle of inbound security questionnaires from partner physician practices. Ensure responses are technically accurate, timely, and reflect our latest security posture.
- Third-Party Risk Management (TPRM): Lead security evaluations for Aledade’s vendors. Analyze SOC2 reports, penetration test results, and self-assessments to ensure our supply chain meets our rigorous healthcare security standards.
- Knowledge Base Mastery: Maintain and optimize our security response repository. You’ll ensure our "Source of Truth" is updated as our infrastructure evolves
- Process Optimization: Identify bottlenecks in the assessment workflow and implement scalable solutions, such as self-service "Trust Centers" for partners, to reduce the manual overhead of the GRC function.
Minimum Qualifications:
- 3 - 5 years of experience in Governance, Risk, and Compliance, Information Security or related fields.
- Practical experience working with SOC2, HIPAA, SOX/ITGC, HITRUST, and CPRA.
- Demonstrated experience preparing organizations for external audits and regulatory certifications.
- Hands-on experience with GRC platforms (e.g., Vanta, OneTrust, Archer, or similar).
Preferred Knowledge, Skills and/or Abilities:
- Knowledge of GRC frameworks and regulations (SOC 2, HIPAA, SOX/ITGC, HITRUST, CPRA, NIST, ISO 27001).
- Skilled in leveraging GRC platforms (e.g., Vanta, OneTrust) to automate compliance and streamline controls monitoring.
Physical Requirements:
- Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.
Who We Are:
Aledade, a public benefit corporation, exists to empower the most transformational part of our health care landscape - independent primary care. We were founded in 2014, and since then, we've become the largest network of independent primary care in the country - helping practices, health centers and clinics deliver better care to their patients and thrive in value-based care. Additionally, by creating value-based contracts across a wide variety of health plans, we aim to flip the script on the traditional fee-for-service model. Our work strengthens continuity of care, aligns incentives and ensures primary care physicians are paid for what they do best - keeping patients healthy. If you want to help create a health care system that is good for patients, good for practices and good for society - and if you're eager to join a collaborative, inclusive and remote-first culture - you've come to the right place.
What Does This Mean for You?
At Aledade, you will be part of a creative culture that is driven by a passion for tackling complex issues with respect, open-mindedness and a desire to learn. You will collaborate with team members who bring a wide range of experiences, interests, backgrounds, beliefs and achievements to their work - and who are all united by a shared passion for public health and a commitment to the Aledade mission.
In addition to time off to support work-life balance and enjoyment, we offer the following comprehensive benefits package designed for the overall well-being of our team members:
Flexible work schedules and the ability to work remotely are available for many roles
Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners
Robust time-off plan (21 days of PTO in your first year)
Two paid volunteer days and 11 paid holidays
12 weeks paid parental leave for all new parents
Six weeks paid sabbatical after six years of service
Educational Assistant Program and Clinical Employee Reimbursement Program
401(k) with up to 4% match
Stock options
And much more!
At Aledade, we don’t just accept differences, we celebrate them! We strive to attract, develop and retain highly qualified individuals representing the diverse communities where we live and work. Aledade is committed to creating a diverse environment and is proud to be an equal opportunity employer. Employment policies and decisions at Aledade are based on merit, qualifications, performance and business needs. All qualified candidates will receive consideration for employment without regard to age, race, color, national origin, gender (including pregnancy, childbirth or medical conditions related to pregnancy or childbirth), gender identity or expression, religion, physical or mental disability, medical condition, legally protected genetic information, marital status, veteran status, or sexual orientation.
Privacy Policy: By applying for this job, you agree to Aledade's Applicant Privacy Policy available at https://www.aledade.com/privacy-policy-applicants
