Risk & Compliance Engineer
WebMD · Newark, NJ · 2 days ago
HybridFull-time
Responsibilities
- Continuous improvement using AI into all aspects of vendor risk management
- Lead and independently prioritize a range of vendor security risk assessments — scoped by service type and integration profile (HIPAA, infrastructure, application, etc.) — to verify compliance with contracts and internal security policies and standards
- Cook up vendor information risk activities across procurement, legal, and the business, including assessment criteria and re-assessments, with a focus on SOC 2-dependent vendors
- Partner with risk owners to design and negotiate risk treatment plans that prioritize genuine risk reduction over check-the-box control enhancements, and track them to closure
- Lead vendor risk reviews in bi-weekly management meetings to drive accountability for remediation
- Own risk reporting in OneTrust: ensure risk managers are tracking remediations, and develop and maintain KRIs and KPIs
- Build, maintain, and improve assessment methodology and questionnaires based on NIST 800-53r5 and the NIST RMF
- Embed security-by-design into projects and products to mitigate risk before it materializes
- Support internal assessments and external audits
Requirements
- AI Proficiency aiming to improve accuracy and accelerate process improvement
- 4 – 6 years leading vendor and third-party risk assessments (security, vendor, HIPAA, etc.) and managing identified risks to resolution
- Strong, practical command of risk and control concepts and GRC frameworks — NIST RMF, NIST 800-53r5, and related standards
- Experience leading discussions with risk owners to develop, negotiate, and close out risk treatment plans
- Hands-on experience with GRC / risk / compliance tooling (e.g., OneTrust, Archer)
- Experience building and maintaining organizational security risk metrics
- Strong written and verbal communication and the organizational skills to manage competing deadlines with limited oversight
- Ability to work independently while fostering cross-functional collaboration, with a consistent customer-first mindset and solid business acumen
Qualifications
- Bachelor's or advanced degree in a Science, Engineering, Information Systems, or Cybersecurity field (preferred, not required)
Skills
- Familiarity with AI/agentic systems and emerging AI governance frameworks (e.g., NIST AI RMF, ISO/IEC 42001) — helpful for assessing AI vendors, but not required
- Relevant certifications (e.g., CISA, CRISC, CISSP, CCSP)
Benefits
- Salary range: $82,000 - $97,000
- Bonus Eligible: This position is also eligible for a discretionary company bonus, based upon business results.
- Benefits: Employees in this position are eligible to participate in the company sponsored benefit programs, including the following within the first 12 months of employment:
- Health Insurance (medical, dental, and vision coverage)
- Paid Time Off (including vacation, sick leave, and flexible holiday days)
- 401(k) Retirement Plan with employer matching
- Life and Disability Insurance
- Employee Assistance Program (EAP)
- Commuter and/or Transit Benefits (if applicable)