Governance, Risk, & Compliance (GRC) Engineer

Pittsburgh, PA

About The Role…

The GRC Engineer will be responsible for implementing, maintaining, and improving policies, standards, procedures, and internal controls to assure compliance with applicable regulatory and legal requirements, as well as information security best practices. The ideal candidate will bring a security engineer's mindset to building out GRC frameworks, automation, and the integration of technical controls. The GRC Engineer will proactively work with key business stakeholders to assess and design controls to reduce information security risk. The GRC Engineer should understand and articulate the impact of information security controls on the business and be able to communicate this to stakeholders.

What You’ll Do…

  • Risk Assessment: Identify, assess, and prioritize risks that could impact TeleTracking’s compliance, financial health, or reputation.
  • Compliance Management: Develop, implement, and maintain compliance programs and policies that align with regulatory requirements and industry best practices.
  • Auditing: Conduct internal and external audits to assess compliance with regulations and identify areas for improvement.
  • Reporting: Prepare and analyze compliance reports, metrics, and dashboards to track progress and identify trends.
  • Training and Awareness: Develop and deliver training programs to educate employees about compliance requirements and information security best practices.
  • Incident Management: Respond to compliance incidents, conduct investigations, and implement corrective actions.
  • Technology Implementation: Evaluate and implement GRC software and tools to streamline compliance processes and improve efficiency.
  • Continuous Improvement: Explore opportunities to improve GRC processes through automation and continuous monitoring of information security controls, risks, and exceptions, and through the development of reporting metrics, dashboards, and evidence artifacts.
  • Assisting in the development and ongoing oversight of a vulnerability management program.
  • Managing the remediation of risks identified through the risk register process and contributing to the improvement of risk treatment plans and the overall risk management program.
  • Managing the security exception process, including the completion of security exceptions, tracking, and following up on alternative mitigating action items detailed within approved security exceptions.
  • Coordinating and tracking security-related audits including scope of audits, stakeholder engagement, and deliverable timelines; working with teams as appropriate to achieve audit readiness; providing guidance, evaluation, and advocacy on audit responses.
  • Maintaining the vendor risk management program including vendor reviews and vendor risk assessments; improving the program with the build-out of repositories, tools, and documentation for third-party vendor risk assurance.

What We Look For…

  • 7+ years of experience in Information Technology, Security Engineering, Governance, Risk and Compliance and/or Internal Audit management.
  • Experience with GRC software tools and platforms (e.g., Vanta): designing, implementing, and managing GRC tools and technologies to streamline processes for risk assessment, compliance monitoring, and incident management, including development of automation tools and automating auditing tasks.
  • Experience conducting risk assessments on operational processes, procedures, and policies; interpreting audit results and making conclusions on the adequacy and reliability of controls; preparing and presenting reports, as necessary.
  • Experience reviewing risk analysis, drafting corrective action plans, and driving the risk treatment process.
  • Experience conducting security compliance reviews and audits of on-premises and hosted environments, including AWS and Azure.
  • Experience working in a SaaS company environment.
  • Proven experience in implementing and maintaining HITRUST CSF and ISO 27001 compliance frameworks.
  • Experience working in a highly regulated industry vertical (e.g., healthcare).

Education

  • Bachelor’s degree in a technical discipline related to Information Technology.
  • Professional certifications such as CGRC, CISSP, CISA, CRISC, or similar are highly desirable.

 

About Us…

TeleTracking is the world’s leading integrated healthcare Operations Platform that is Expanding the Capacity to Care by combining comprehensive technology solutions with clinical operations expertise to improve access to care, delivery, and transitions of care. We work with more than 900 hospitals globally, including the 3 largest health systems in the United States, providing workflow automation and AI-based decision support that creates optimized patient flow, improved capacity management, reduced wait times, and increased growth without compromised quality of care. TeleTracking values people with an entrepreneurial spirit, creativity and building strong relationships with our employees.

Benefits

  • Medical/dental/vision plans 100% paid for employees and family members without coverage, which start from day one!
  • Life and AD&D
  • Flexible Spending Accounts: Medical, Dependent Care, and Transportation
  • 401(k) Retirement Savings
  • Tuition Reimbursement
  • Military Paid Leave (up to 6 months of base salary while on military leave)
  • Paid Time Off
  • Paid parental leave

Disclaimer:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable qualified individuals with disabilities to perform the essential functions. The term "qualified individual with a disability" means an individual with a disability who, with or without reasonable accommodation, can perform the essential functions of the position.

TeleTracking is an Equal Opportunity/Affirmative Action employer. TeleTracking recruits qualified applicants without regard to race, color, religion, gender, age, ethnic or national origin, veteran status, physical or mental disability, genetic information, sexual orientation or preference, gender identity, marital status, or citizenship status.

Recruiting agencies, please do not submit unsolicited referrals for this or any open role. We have a roster of agencies with whom we partner, and we will not pay any fee associated with unsolicited referrals.

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in TeleTracking Technologies, Inc.’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Voluntary Self-Identification of Disability

Form CC-305
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.