[Hiring] Staff Security Engineer - Governance, Risk, and Compliance @Foodsmart
Apr 12, 2025 - Foodsmart is hiring a remote Staff Security Engineer - Governance, Risk, and Compliance. 💸 Salary: unspecified. 📍Location: USA.
Role Description
Foodsmart seeks a Governance, Risk, and Compliance (GRC) Lead to independently manage compliance programs, respond to customer security inquiries, lead audit processes, and collaborate effectively with internal and external stakeholders. Reporting directly to the Chief Information Security Officer (CISO), this hands-on role requires a self-starter who can execute GRC initiatives with minimal supervision while serving as the primary interface for customer security/privacy audits and inquiries.
You will play a critical role in ensuring compliance with healthcare privacy regulations such as HIPAA, HITRUST CSF, CCPA, and other state-specific privacy laws. This position requires technical expertise combined with strong communication skills to balance regulatory requirements with business objectives.
- Conduct internal audits, risk assessments, and vulnerability scans to ensure compliance with HIPAA, HITRUST CSF, CCPA, and other privacy regulations.
- Own end-to-end management of external certifications (e.g., SOC 2, ISO 27001), including audit preparation, evidence collection, coordination with auditors, and remediation of findings.
- Respond to customer security questionnaires (e.g., SIG or CAIQ), audits, and due diligence requests, serve as the primary point of contact for external stakeholders regarding security/privacy inquiries.
- Collaborate with Sales, Legal, Product Development, and Engineering teams to address customer security concerns during contract negotiations or product development.
- Develop and maintain policies, procedures, controls, and training programs that align with regulatory requirements and industry standards.
- Perform risk assessments on cloud infrastructure (AWS), SaaS applications, and third-party vendors, implement actionable mitigation strategies.
- Monitor security incidents, support incident response activities including root cause analysis and corrective actions.
- Automate compliance workflows (e.g., evidence collection or control monitoring) to streamline processes.
- Stay updated on emerging threats and regulatory changes impacting healthcare privacy laws, proactively adapt policies to meet new requirements.
Qualifications
- At least 5-8 years of experience in governance, risk management, compliance (GRC), privacy, or information security roles within regulated industries such as healthcare or technology.
- Proven expertise in managing enterprise risks and leading compliance initiatives such as SOC 2 or HITRUST certification processes.
- Deep knowledge of healthcare privacy regulations like HIPAA and HITRUST CSF as well as state-specific laws like CCPA.
- Experience responding to customer security questionnaires (e.g., SIG or CAIQ) and managing customer audits or inquiries.
- Technical familiarity with cloud infrastructure (AWS), SaaS security models, vulnerability management tools, and risk assessment methodologies.
- Exceptional written and verbal communication skills, able to engage effectively with internal teams and external stakeholders such as auditors or customers.
Requirements
- A self-starter who thrives in a hands-on role with minimal supervision.
- A strong communicator with the ability to translate technical security concepts into actionable insights for non-technical stakeholders.
- Highly organized with exceptional attention to detail, able to manage multiple priorities in a fast-paced environment.
- Collaborative by nature, skilled at working across diverse teams including Sales, Legal, Product Development, Engineering, and external auditors/customers.
- Solution-oriented, focused on practical approaches that balance business needs with regulatory requirements.
Preferred Certifications
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Security Professional (CISSP)
- HITRUST Certified CSF Practitioner (CCSFP)
- ISO 27001 Lead Implementer/Auditor
Benefits
- Remote-First Company
- Unlimited PTO
- Flexible & remote location
- Healthcare Coverage (Medical, Dental, Vision)
- 401k, bonus, & stock options
- Registered Dietitian Sessions
- Wellness reimbursement
Similar Remote Jobs
More jobs at Foodsmart
-
Data Analysis unspecified USAApr 17, 2025
-
All others unspecified USAApr 12, 2025
More All Others jobs
-
All others 60,000.00 – 90,000.00 usd per year USAApr 27, 2025
-
All others unspecified USAApr 27, 2025
-
All others up to $790/week USAApr 27, 2025
More jobs in USA
-
All others 60,000.00 – 90,000.00 usd per year USAApr 27, 2025
Kickstart Your Job Search
Unlock 54,368 additional remote jobs, advanced search & email notifications
Too many emails? Declutter your inbox with Meco
Your home for reading newsletters
| 📍 | Be aware of the location restriction for this remote position: USA |
| ‼ | Beware of scams! When applying for jobs, you should NEVER have to pay anything. Learn more. |
|
Salary
💸
unspecified
|
Remote
Location
USA
|
|
Job Type
unspecified
|
Posted
Apr 12, 2025
|
| 📍 | Be aware of the location restriction for this remote position: USA |
| ‼ | Beware of scams! When applying for jobs, you should NEVER have to pay anything. Learn more. |
