Charlie Health Logo

Charlie Health

GRC Engineer

Posted 8 Days Ago
Remote or Hybrid
Hiring Remotely in United States
130K-175K Annually
Senior level
Remote or Hybrid
Hiring Remotely in United States
130K-175K Annually
Senior level
Build and operate automated compliance and continuous control monitoring systems to support HIPAA, SOC 2, NIST and related frameworks. Automate evidence collection, integrate GRC and source systems, create dashboards and workflows, identify and remediate control gaps, and support audit readiness. Partner cross-functionally with Security, IT, Compliance, Legal and Engineering to embed controls and improve compliance automation and AI governance.
The summary above was generated by AI
 Why Charlie Health?

Millions of people across the country are navigating mental health conditions, substance use disorders, and eating disorders, but too often, they’re met with barriers to care. From limited local options and long wait times to treatment that lacks personalization, behavioral healthcare can leave people feeling unseen and unsupported.

Charlie Health exists to change that. Our mission is to connect the world to life-saving behavioral health treatment. We deliver personalized, virtual care rooted in connection—between clients and clinicians, care teams, loved ones, and the communities that support them. By focusing on people with complex needs, we’re expanding access to meaningful care and driving better outcomes from the comfort of home.

As a rapidly growing organization, we're reaching more communities every day and building a team that’s redefining what behavioral health treatment can look like. If you're ready to use your skills to drive lasting change and help more people access the care they deserve, we’d love to meet you.

About the Role

The GRC Engineer is responsible for transforming Charlie Health’s compliance, risk and control programs into automated, measurable and continuously monitored systems. This is a hands-on engineering role focused on building the technical foundations that support HIPAA, SOC 2, NIST and other compliance requirements.

This role will partner closely with Information Security, IT Engineering, Compliance, Legal, Engineering and business teams to translate regulatory, contractual and risk requirements into automated controls, evidence pipelines, dashboards, workflows and continuous control monitoring.

Our Information Security and IT organizations treat compliance as an engineering discipline. We value ownership, automation, measurable outcomes, reliability, auditability and continuous improvement. The GRC Engineer will help move Charlie Health from manual, point-in-time compliance activities toward scalable, system-driven assurance.

Charlie Health operates in a highly regulated healthcare environment. This role will help ensure that controls protecting patient, clinician, employee and company data are well-designed, consistently operated and supported by reliable evidence.

ResponsibilitiesCompliance Engineering & Control Automation
  • Design, build and operate automated controls that support HIPAA, SOC 2, NIST, ISO 27001 and other applicable frameworks
  • Translate compliance requirements into technical control logic, workflows, integrations, dashboards and evidence pipelines
  • Build scalable systems that reduce manual compliance work and improve confidence in control effectiveness
  • Partner with Security, IT, Compliance and Engineering teams to embed control requirements into systems and operating processes
Continuous Control Monitoring
  • Build and maintain continuous control monitoring capabilities across identity, endpoints, cloud, SaaS platforms, security tools and business systems
  • Define control health metrics, thresholds, alerts and reporting mechanisms
  • Identify control gaps, exceptions and drift, then partner with control owners to drive remediation
  • Improve visibility into the design, operation and effectiveness of key controls
Evidence Automation & Audit Readiness
  • Automate audit evidence collection across systems such as Okta, Google Workspace, Jamf, Intune, SentinelOne, Wiz, AWS, Jira, Confluence, Slack and GRC platforms
  • Build repeatable evidence workflows that support HIPAA, SOC 2, customer due diligence, vendor assessments and internal risk reviews
  • Improve the quality, consistency and traceability of audit evidence
  • Partner with Compliance, Legal and external auditors to reduce audit burden and improve readiness
GRC Systems, Integrations & Reporting
  • Configure and improve GRC platforms, compliance tools, ticketing systems, documentation repositories and reporting workflows
  • Build integrations between GRC systems and source systems of record using APIs, webhooks, scripts and workflow automation tools
  • Develop dashboards and reports that show control health, remediation status, audit readiness and risk trends
  • Maintain documentation for control logic, data sources, automations and operational procedures
Risk, Remediation & Exception Management
  • Support risk and control assessments by providing technical analysis, control evidence and remediation tracking
  • Build workflows for risk acceptance, exception management, corrective action plans and control remediation
  • Partner with control owners to ensure findings are tracked, prioritized and resolved
  • Help define metrics that measure risk reduction, compliance maturity and control reliability
AI Governance & Emerging Compliance Automation
  • Help evaluate how AI tools, LLM platforms and AI-enabled workflows affect compliance, privacy and security requirements
  • Support governance controls for enterprise AI adoption, including access, logging, data protection, review workflows and evidence collection
  • Identify opportunities to use automation and AI responsibly to improve GRC operations
  • Stay current on emerging approaches to compliance automation, continuous assurance and AI-enabled GRC
Required Qualifications
  • 3+ years of experience in GRC engineering, security engineering, compliance automation, IT risk, security operations, cloud security, infrastructure engineering or a related technical discipline
  • Hands-on experience translating compliance, risk or security requirements into technical controls, workflows or automations
  • Experience with frameworks such as HIPAA, SOC 2, NIST, ISO 27001, HITRUST, PCI or FedRAMP
  • Experience working with enterprise systems such as Okta, Google Workspace, AWS, Jamf, Intune, SentinelOne, Wiz, Jira, Confluence, Slack or similar platforms
  • Experience using APIs, scripting or workflow automation tools such as Python, Bash, PowerShell, Workato, Terraform, REST APIs, webhooks or JSON
  • Experience with audit evidence collection, control testing, remediation tracking or compliance reporting
  • Familiarity with GRC platforms, compliance automation tools, ticketing systems or control monitoring systems
  • Strong understanding of access control, endpoint security, cloud security, logging, vulnerability management and data protection concepts
  • Ability to work cross-functionally with Security, IT Engineering, Compliance, Legal and business stakeholders
  • Strong analytical thinking, ownership and ability to operate independently in ambiguous environments
Preferred Qualifications
  • Experience in healthcare or other regulated environments
  • Experience supporting HIPAA, SOC 2, NIST, HITRUST, ISO 27001 or similar programs
  • Experience building automated evidence pipelines or continuous control monitoring capabilities
  • Experience with GRC or compliance automation platforms such as Vanta, Drata, Secureframe, AuditBoard, Archer, ServiceNow GRC or similar tools
  • Experience with data analytics, dashboards, SQL, BI tools or control reporting
  • Experience supporting customer security reviews, vendor assessments or audit response workflows
  • Experience with AI governance, AI risk management, LLM platforms or AI-enabled compliance automation
  • Familiarity with Zero Trust principles and identity-centric security models
Benefits

Charlie Health is pleased to offer comprehensive benefits to all full-time employees. Read more about our benefits here.

Additional Information

The total target base compensation for this role will be between $130,000 and $175,000 per year at the commencement of employment. Please note, pay will be determined on an individualized basis and will be impacted by location, experience, leveling, expertise, internal pay equity, and other relevant business considerations. Further, cash compensation is only part of the total compensation package, which, depending on the position, may include stock options and other Charlie Health-sponsored benefits.

Our Values
  • Connection: Care deeply & inspire hope.
  • Congruence: Stay curious & heed the evidence.
  • Commitment: Act with urgency & don’t give up.

Please do not call our public clinical admissions line in regard to this or any other job posting.

Please be cautious of potential recruitment fraud. If you are interested in exploring opportunities at Charlie Health, please go directly to our Careers Page: https://www.charliehealth.com/careers/current-openings. Charlie Health will never ask you to pay a fee or download software as part of the interview process with our company. In addition, Charlie Health will not ask for your personal banking information until you have signed an offer of employment and completed onboarding paperwork that is provided by our People Operations team. All communications with Charlie Health Talent and People Operations professionals will only be sent from @charliehealth.com email addresses. Legitimate emails will never originate from gmail.com, yahoo.com, or other commercial email services.

Recruiting agencies, please do not submit unsolicited referrals for this or any open role. We have a roster of agencies with whom we partner, and we will not pay any fee associated with unsolicited referrals.

At Charlie Health, we value being an Equal Opportunity Employer. We strive to cultivate an environment where individuals can be their authentic selves. Being an Equal Opportunity Employer means every member of our team feels as though they are supported and belong. We value diverse perspectives to help us provide essential mental health and substance use disorder treatments to all young people.

Charlie Health applicants are assessed solely on their qualifications for the role, without regard to disability or need for accommodation.

By clicking "Submit application" below, you agree to Charlie Health's Privacy Policy and Terms of Service.

By submitting your application, you agree to receive SMS messages from Charlie Health regarding your application. Message and data rates may apply. Message frequency varies. You can reply STOP to opt out at any time. For help, reply HELP.

Similar Jobs

2 Days Ago
Remote
USA
130K-150K Annually
Senior level
130K-150K Annually
Senior level
Hardware • Machine Learning • Security • Software
Lead engineering-driven GRC initiatives to scale continuous compliance. Support SOC 2, ISO 27001/27701, CJIS, customer security reviews, audit readiness, evidence collection, policy maintenance, and automation of compliance workflows while partnering with Engineering, Security, Legal, Privacy, and Product.
Top Skills: AWSCjisIso 27001Iso 27701Soc 2
17 Days Ago
Remote
United States
Senior level
Senior level
Artificial Intelligence • Information Technology • Software
Lead client-facing federal compliance engagements for NIST SP 800-53 and FedRAMP: perform gap assessments, develop SSPs and POA&Ms, coordinate A&A with 3PAOs, mentor a small compliance team, and drive remediation and continuous monitoring for FedRAMP baselines.
Top Skills: Aws GovcloudAzure GovernmentCloud Service Providers (Csps)CmmcFedrampGcc HighGdprIso 27001Nist Risk Management Framework (Rmf)Nist Sp 800-171Nist Sp 800-53Soc 2
9 Days Ago
Remote
U.S.
227K-267K Annually
Senior level
227K-267K Annually
Senior level
Software
As a Senior AI GRC Engineer, you'll lead AI governance initiatives, implement compliance frameworks, and partner with engineering teams to ensure sustainable AI practices at Vanta.
Top Skills: Ai GovernanceAnthropic ProductsAWSCursorGoIso 42001LangchainOpenai ProductsPythonRisk And Compliance FrameworksTypescript

What you need to know about the Chicago Tech Scene

With vibrant neighborhoods, great food and more affordable housing than either coast, Chicago might be the most liveable major tech hub. It is the birthplace of modern commodities and futures trading, a national hub for logistics and commerce, and home to the American Medical Association and the American Bar Association. This diverse blend of industry influences has helped Chicago emerge as a major player in verticals like fintech, biotechnology, legal tech, e-commerce and logistics technology. It’s also a major hiring center for tech companies on both coasts.

Key Facts About Chicago Tech

  • Number of Tech Workers: 245,800; 5.2% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: McDonald’s, John Deere, Boeing, Morningstar
  • Key Industries: Artificial intelligence, biotechnology, fintech, software, logistics technology
  • Funding Landscape: $2.5 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Pritzker Group Venture Capital, Arch Venture Partners, MATH Venture Partners, Jump Capital, Hyde Park Venture Partners
  • Research Centers and Universities: Northwestern University, University of Chicago, University of Illinois Urbana-Champaign, Illinois Institute of Technology, Argonne National Laboratory, Fermi National Accelerator Laboratory

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account