Personalized mental health treatment for teens, young adults & families in crisis.
GRC Engineer
Location
United States
Posted
10 days ago
Salary
$130K - $175K / year
Seniority
Senior
Job Description
GRC Engineer
Charlie Health
• Transform Charlie Health’s compliance, risk and control programs into automated, measurable and continuously monitored systems • Partner closely with Information Security, IT Engineering, Compliance, Legal, Engineering and business teams to translate regulatory, contractual and risk requirements into automated controls, evidence pipelines, dashboards, workflows and continuous control monitoring • Help move Charlie Health from manual, point-in-time compliance activities toward scalable, system-driven assurance • Ensure that controls protecting patient, clinician, employee and company data are well-designed, consistently operated and supported by reliable evidence • Design, build and operate automated controls that support HIPAA, SOC 2, NIST, ISO 27001 and other applicable frameworks • Build and maintain continuous control monitoring capabilities across identity, endpoints, cloud, SaaS platforms, security tools and business systems • Automate audit evidence collection across various systems
Job Requirements
- 5+ years of experience in GRC engineering, security engineering, compliance automation, IT risk, security operations, cloud security, infrastructure engineering or a related technical discipline
- Hands-on experience translating compliance, risk or security requirements into technical controls, workflows or automations
- Experience with frameworks such as HIPAA, SOC 2, NIST, ISO 27001, HITRUST, PCI or FedRAMP
- Experience working with enterprise systems such as Okta, Google Workspace, AWS, Jamf, Intune, SentinelOne, Wiz, Jira, Confluence, Slack or similar platforms
- Experience using APIs, scripting or workflow automation tools such as Python, Bash, PowerShell, Workato, Terraform, REST APIs, webhooks or JSON
- Experience with audit evidence collection, control testing, remediation tracking or compliance reporting
- Familiarity with GRC platforms, compliance automation tools, ticketing systems or control monitoring systems
- Strong understanding of access control, endpoint security, cloud security, logging, vulnerability management and data protection concepts
- Ability to work cross-functionally with Security, IT Engineering, Compliance, Legal and business stakeholders
- Strong analytical thinking, ownership and ability to operate independently in ambiguous environments.
Benefits
- Comprehensive benefits to all full-time employees
Related Guides
Related Categories
Related Job Pages
More Compliance Jobs
Regulatory Affairs Specialist – North America, LATAM, EU
AlimentivLearn about career opportunities, our culture, and our mission to improve human health.
• Responsible for the day-to-day activities and delivery of Global Regulatory Affairs support services. • Role will include management of clinical trial applications to Competent Authorities, Ethics Committees and Regulatory Agencies, and the research, review and reporting on applicable global regulations and requirements. • Develop stakeholder tools, process/document regulatory risk assessments, and provide support, expertise and represent the unit with other functional units, sponsors, researchers and/or regulatory authorities. • Ensure high quality, timely service delivery processes are maintained in accordance with corporate, industry and regulatory standards and guidelines. • May be required to coach peers and/or provide input for staff performance reviews.
Role Description Reset Tech is seeking a member of staff to take the lead on our portfolio of research that seeks to explore and develop insights into digital platforms' compliance with various legislative frameworks, including the Digital Services Act (EU) and the Online Safety Act (UK). The role involves: - Developing and delivering research outputs. - Managing and coordinating research projects. - Undertaking research tasks as needed, such as sock puppet management and data analysis. - Producing high-quality written insights for stakeholders and wider audiences. Qualifications - At least 5 years of experience coordinating research projects, including managing staff and contractors. - Strong grasp of regulations of large digital platforms in the EU (Digital Services Act) and UK (Online Safety Act). - Understanding of regulatory concerns relating to child safety and broader online harms. - Familiarity with a range of digital & AI platforms. - Experience with a range of research methods, especially sock puppet methods and feature and function testing. - Strong data analytic skills and attention to detail. - Excellent writing skills; able to deliver independent, rigorous research products. - An intrinsically motivated, self-starter. - Comfortable working in fast-paced, dynamic environments, able to thrive with ambiguity. - Fluency in English, and ideally, one other EU language. Requirements - Contribute to the development of a global compliance research strategy, especially around the protection of minors and scam mitigation. - Oversee research projects from ideation to completion, leading to high-quality outputs for delivery to regulators. - Manage inputs from a team of other researchers and contractors, including sock puppet methods, surveys, data science, and some OSINT. - Undertake some sock puppet research methods directly when other resources are unavailable. - Lead and grow sock puppet research methods, to develop Safety-by-Design testing methods. - Produce concise, evidence-based research reports, briefings, and data-driven insights. - Collaborate with key stakeholders, internal and external, across Europe and the UK on cross-cutting compliance issues. Benefits - Competitive compensation and benefits (30 days leave plus public holidays, study leave allowances, etc). - Remote-friendly role with optional co-working access in London or Berlin. - Opportunity to work on some of the most pressing digital threats of our time. - Impactful research environment with a mission-driven team shaping platform accountability. Company Description Reset Tech is a public policy organisation dedicated to tackling digital threats to society. We advocate for greater safeguards for our rights and security online. Our highly experienced team of researchers, policy experts, and technical and operational specialists work across Europe, Canada, and the United States.
• Advisory compliance — primary owner, all regions • Real-time trading guidance across all asset classes and venues • Building and maintaining a pre-cleared rules framework for recurring desk queries • Advising development, trading, and operations teams on building and maintaining compliant tools and processes • Building out a comprehensive algo trading governance framework covering the full lifecycle — pre-deployment approvals, ongoing monitoring, change management, business continuity, information security, and annual review • New market and product approvals • Core compliance — oversee two Compliance Officers responsible for: • Trade surveillance across all venues • Regulatory and exchange affairs — filings, registrations, regulator and exchange inquiries, client/due-diligence reviews, FCM interface • Policies and training — maintaining the policy framework and running the training program across all regions • AML and sanctions — screening vendors and counterparties (brokers, FCMs) • Leadership Supervising and developing two Compliance Officers • Representing compliance in cross-functional discussions with risk, development, and front office • Escalation point for non-routine compliance matters
• Interpret domestic and international sanctions (UAE, US, UK, EU, UN etc.) and maintain sufficient awareness and knowledge of Sanctions that impact the bank and/or its branches or subsidiaries. • Conduct investigation of complex and high-risk Sanctions alerts as per the regulatory requirements and in accordance with internal Compliance policies and procedures. • Ensure full adherence to Group Sanctions Policy, including but not limited to related Sanctions Guidance and operating procedures. • Support Compliance Manager in identifying Sanctions risk themes and trends and improve sanctions risk management capability. • Coordinate with the business units in relation to resolution of alerts and client information. • Handle Sanctions referrals as per the Bank’s policy, ensuring no breach of the applicable sanctions policies, standards and guidance. • Assist Compliance Manager in their responsibility for complying with all relevant Laws, Rules, Regulations and Group policies related to Sanctions. • Provide guidance, support and training to Compliance Operations alert review team and business colleagues on implementation of sanctions policies and procedures. • Provide effective support and maintain metrics as per internal procedures; prepare monthly and adhoc management reports. • Identify and escalate areas requiring attention or strengthening and recommend changes and improvements in line with industry standards and applicable regulations. • Record keeping. All records of the unit must be kept in a confidential and secure state and adhere to record retention policy and the SOP guidelines. • Maintain effective working relationships with Business, Operations and other Compliance functions. • Assist in Compliance projects as and when required including effective deployment of system and procedural changes as required.




