Senior Security Engineer - Governance, Risk & Compliance
United States
Komodo Health
Get the most accurate, patient-centric view of the U.S. healthcare system. Scale insight generation with NLP-based AI and an enterprise platform.
We Breathe Life Into Data
At Komodo Health, our mission is to reduce the global burden of disease. And we believe that smarter use of data is essential to this mission. That’s why we built the Healthcare Map — the industry’s largest, most complete, precise view of the U.S. healthcare system — by combining de-identified, real-world patient data with innovative algorithms and decades of clinical experience. The Healthcare Map serves as our foundation for a powerful suite of software applications, helping us answer healthcare’s most complex questions for our partners. Across the healthcare ecosystem, we’re helping our clients unlock critical insights to track detailed patient behaviors and treatment patterns, identify gaps in care, address unmet patient needs, and reduce the global burden of disease.
As we pursue these goals, it remains essential to us that we stay grounded in our values: be awesome, seek growth, deliver “wow,” and enjoy the ride. At Komodo, you will be joining a team of ambitious, supportive Dragons with diverse backgrounds but a shared passion to deliver on our mission to reduce the burden of disease — and enjoy the journey along the way.
The Opportunity at Komodo Health
Our team is responsible for overseeing all aspects of security at Komodo Health. We implement and maintain security solutions to protect our systems and data, manage identity and access controls, and handle incident response. We also conduct security assessments, monitor for potential threats, and collaborate with other teams to ensure compliance with security policies and regulations. Our goal is to create a secure and resilient environment that supports the company's growth and innovation.
This role exists to enhance Komodo Health's security posture by ensuring effective governance, risk management, and compliance. The GRC Engineer will manage compliance initiatives, conduct risk assessments, and develop policies and procedures to protect sensitive data and maintain system integrity. This role will also contribute to continuous improvement in our GRC processes and ensure alignment with industry standards and regulations.
As a GRC Engineer, you will play a critical role in securing our systems and data while ensuring compliance with regulatory requirements. You will have the opportunity to work with cutting-edge GRC technologies, collaborate with cross-functional teams, and influence the development of our GRC strategy. Your work will directly impact the security and efficiency of our operations, providing a foundation for the company's continued growth and innovation.
Looking back on your first 12 months at Komodo Health, you will have…
- Successfully implemented optimizations to our GRC framework that align with industry standards.
- Conducted regular risk assessments and developed mitigation strategies.
- Ensured continuous compliance with relevant regulations and internal policies.
- Developed and implemented robust GRC policies and procedures.
- Enhanced the company's overall security posture through effective governance and risk management practices.
You will accomplish these outcomes through the following responsibilities…
- Develop and implement GRC policies and procedures.
- Conduct regular risk assessments and audits.
- Ensure compliance with industry standards and regulations.
- Collaborate with cross-functional teams to address compliance issues.
- Monitor and report on the effectiveness of GRC initiatives.
- Provide GRC-related training and support to other teams.
- Partner with HR to ensure alignment and integration between GRC systems and key HR systems, facilitating seamless onboarding and offboarding processes and maintaining accurate access controls.
What you bring to Komodo Health:
- Strong experience with GRC frameworks and tools.
- Proficiency in conducting risk assessments and audits.
- Knowledge of regulatory requirements and compliance management.
- Excellent communication and collaboration skills.
- Strong problem-solving and analytical skills.
- Experience with developing and implementing GRC policies and procedures.
- Familiarity with AWS systems and services.
Additional skills and experience we’d prioritize (nice to have)…
- Experience with GRC tools such as OneTrust.
- Experience collaborating between product teams, Legal and Compliance teams, and Security teams.
- Familiarity with Azure systems and services.
- Familiarity with microservices architecture.
- Knowledge of healthcare industry compliance requirements.
- Previous experience in a healthcare or technology environment.
Where You’ll Work
Komodo Health has a hybrid work model; we recognize the power of choice and importance of flexibility for the well-being of both our company and our individual Dragons. Roles may be completely remote based anywhere in the country listed, remote but based in a specific region, or local (commuting distance) to one of our hubs in San Francisco, New York City, or Chicago with remote work options.
What We Offer
Positions may be eligible for company benefits in accordance with Company policy. We offer a competitive total rewards package including medical, dental and vision coverage along with a broad range of supplemental benefits including 401k Retirement Plan, prepaid legal assistance, and more. We also offer paid time off for vacation, sickness, holiday, and bereavement. We are pleased to be able to provide 100% company-paid life insurance and long-term disability insurance. This information is intended to be a general overview and may be modified by the Company due to business-related factors.
Equal Opportunity Statement
Komodo Health provides equal employment opportunities to all applicants and employees. We prohibit discrimination and harassment of any type with regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
Tags: Audits AWS Azure Compliance Governance Incident response Microservices Risk assessment Risk management Security assessment Strategy
Perks/benefits: 401(k) matching Health care Insurance