Jobs · New Jersey

Risk & Compliance Engineer

WebMD · Newark, NJ · 2 days ago
HybridFull-time

Responsibilities

  • Continuous improvement using AI into all aspects of vendor risk management
  • Lead and independently prioritize a range of vendor security risk assessments — scoped by service type and integration profile (HIPAA, infrastructure, application, etc.) — to verify compliance with contracts and internal security policies and standards
  • Cook up vendor information risk activities across procurement, legal, and the business, including assessment criteria and re-assessments, with a focus on SOC 2-dependent vendors
  • Partner with risk owners to design and negotiate risk treatment plans that prioritize genuine risk reduction over check-the-box control enhancements, and track them to closure
  • Lead vendor risk reviews in bi-weekly management meetings to drive accountability for remediation
  • Own risk reporting in OneTrust: ensure risk managers are tracking remediations, and develop and maintain KRIs and KPIs
  • Build, maintain, and improve assessment methodology and questionnaires based on NIST 800-53r5 and the NIST RMF
  • Embed security-by-design into projects and products to mitigate risk before it materializes
  • Support internal assessments and external audits

Requirements

  • AI Proficiency aiming to improve accuracy and accelerate process improvement
  • 4 – 6 years leading vendor and third-party risk assessments (security, vendor, HIPAA, etc.) and managing identified risks to resolution
  • Strong, practical command of risk and control concepts and GRC frameworks — NIST RMF, NIST 800-53r5, and related standards
  • Experience leading discussions with risk owners to develop, negotiate, and close out risk treatment plans
  • Hands-on experience with GRC / risk / compliance tooling (e.g., OneTrust, Archer)
  • Experience building and maintaining organizational security risk metrics
  • Strong written and verbal communication and the organizational skills to manage competing deadlines with limited oversight
  • Ability to work independently while fostering cross-functional collaboration, with a consistent customer-first mindset and solid business acumen

Qualifications

  • Bachelor's or advanced degree in a Science, Engineering, Information Systems, or Cybersecurity field (preferred, not required)

Skills

  • Familiarity with AI/agentic systems and emerging AI governance frameworks (e.g., NIST AI RMF, ISO/IEC 42001) — helpful for assessing AI vendors, but not required
  • Relevant certifications (e.g., CISA, CRISC, CISSP, CCSP)

Benefits

  • Salary range: $82,000 - $97,000
  • Bonus Eligible: This position is also eligible for a discretionary company bonus, based upon business results.
  • Benefits: Employees in this position are eligible to participate in the company sponsored benefit programs, including the following within the first 12 months of employment:
    • Health Insurance (medical, dental, and vision coverage)
    • Paid Time Off (including vacation, sick leave, and flexible holiday days)
    • 401(k) Retirement Plan with employer matching
    • Life and Disability Insurance
    • Employee Assistance Program (EAP)
    • Commuter and/or Transit Benefits (if applicable)

Similar jobs