Security Engineer - GRC (Governance, Risk & Compliance)

Posted 2 days ago
$90k–120k / year
US
Full-Time

Machinify is a leading healthcare intelligence company with expertise across the payment continuum, delivering unmatched value, transparency, and efficiency to health plan clients across the country. Deployed by over 85 health plans, including many of the top 20, and representing more than 270 million lives, Machinify brings together a fully configurable and content-rich, AI-powered platform along with best-in-class expertise.

About the Opportunity

At Machinify, we’re building a robust security program to protect our clients’ sensitive healthcare data and maintain the highest standards of information security. As part of the Security GRC team, you will play a critical technical role in configuring, automating, and integrating Machinify’s GRC platform (Vanta) to support compliance management, audit readiness, and risk program operations across the organization. As a Security Engineer focused on GRC, you will bridge technical implementation and compliance requirements—helping streamline evidence collection, automate control monitoring, and connect Vanta to Machinify’s infrastructure and tooling. This role is well-suited for candidates with a mix of technical aptitude and compliance interest who want to build deep expertise in GRC platform engineering within a complex, multi-entity healthcare environment undergoing active transformation.

What you’ll do

Primary Responsibilities – GRC Platform Engineering & Automation (70% of role):

  • Configure, administer, and continuously improve Machinify’s Vanta GRC platform across all organizational entities
  • Build and maintain Vanta integrations with cloud environments (AWS, Azure), identity providers, endpoint management tools, HR systems, and other compliance-relevant data sources
  • Automate evidence collection workflows to reduce manual effort for HITRUST r2, SOC 2 Type II, and other certification cycles
  • Develop and maintain custom tests, policies, and controls within Vanta to reflect Machinify’s specific compliance requirements and risk posture
  • Monitor control health dashboards and manage remediation workflows for failing or at-risk controls
  • Manage the Vanta vendor risk module, including questionnaire automation and third-party assessment workflows
  • Support access review automation through Vanta, ensuring timely completion and accurate documentation