Biograph
Healthcare
Senior GRC Engineer
Full Job Description
Biograph is looking for a founding GRC Engineer to help us mature and scale a modern, automation-first compliance program to secure our data-driven approach to preventative care. Our small and nimble engineering team thrives on ownership and autonomy. We're building foundational systems with an eye toward scalability and an emphasis on best practices. We're looking for an "engineer-first" GRC practitioner who values product and communication as much as technical excellence. Joining this early provides a great opportunity to help shape our technical systems, security posture, and culture.

This is a hybrid role. Team members typically work in our Manhattan office ~3 days a week, with empathetic flexibility.

WHAT YOU WILL DO

We are building new impactful products and need to secure our infrastructure for the future. Your immediate mission will be to lead and advance our HIPAA compliance initiatives, ensuring rigorous security standards across our environment. You will have opportunities across our tech stack:

- Build and Execute: Lead the strategy and execution of our HIPAA compliance operations, identifying technical gaps, authoring policies, and implementing required controls. Lay the architectural groundwork for upcoming SOC 2 and HITRUST certifications.
- GRC Engineering & Automation: Own the implementation, configuration, and maintenance of continuous compliance automation platforms (e.g., Vanta, Drata, or Secureframe), integrating them deeply into our tech stack.
- Infrastructure Integration: Design and build automated evidence collection workflows using scripts (Python, Go, or similar) to pull data from our GCP environment, identity providers, and SaaS tools. Partner with DevOps to embed compliance checks directly into CI/CD pipelines.
- Risk & Governance: Replace manual audits with Continuous Control Monitoring (CCM). Conduct internal risk assessments and threat modeling tailored to cloud-native, health care environments.

WHAT YOU BRING TO THE ROLE

- 6+ years o
How to Apply on Ashby
- Ashby is a fast modern ATS — most applications take under 3 minutes.
- The resume parser is strong; verify parsed experience dates and job titles.
- Custom screening questions are often scored algorithmically — answer completely.
- Location field affects geo-based screening; use your actual metro area.