Jobs · Information Technology · New York

Senior Security Engineer I, GRC

Oscar Health · New York, NY · 2 wk ago
Information Technology$164k/yrFull-time

About the role

The Principal GRC Engineer designs and operates the systems that enable continuous security assurance, deep risk visibility, and scalable regulatory compliance. Rather than managing documentation or preparing for audits, this role engineers the infrastructure that allows the organization to demonstrate security and compliance continuously through automation, telemetry, and self-evidencing controls.

Responsibilities

  • Design systems that continuously measure and validate security controls through operational telemetry, automated evidence generation, and control health monitoring.
  • Build automation and orchestration across security tools, cloud platforms, and engineering systems to eliminate manual compliance processes and reduce audit overhead.
  • Translate governance expectations into machine-enforceable guardrails embedded within infrastructure platforms, CI/CD pipelines, and engineering workflows.
  • Apply automation, orchestration, and AI-assisted capabilities to scale governance workflows, enabling intelligent analysis and adaptive control systems.
  • Architect control and telemetry pipelines where operational systems produce the evidence required for regulatory assurance and audit readiness.
  • Compliance with all applicable laws and regulations
  • Other duties as assigned

Requirements

  • 4+ years experience in Technology related field.
  • 4+ years experience in Security Engineering.
  • Bonus points:
    • Familiarity with industry standards and compliance frameworks (such as SOC, SOX., NIST, HIPAA) and experience in ensuring organizational adherence to these standards.
    • Certifications such as CISSP, CISM, CISA, CEH, or vendor-specific certifications.
    • Proficiency in managing security projects, including planning, execution, and successful delivery within timelines and budgets.
    • 4+ years of experience in Security Engineering, DevSecOps, or Site Reliability Engineering (SRE), with at least 3 years specifically focused on GRC automation or internal security tooling.

Benefits

You are also eligible for employee benefits, participation in Oscar's unlimited vacation program, company equity grants and annual performance bonuses.

Pay

The base pay for this role is: $163,944 per year - $215,176 per year.

Schedule

This position is based in our New York City office, requiring a hybrid work schedule with 3 days of in-office work per week. Thursdays are a required in-office day for team meetings and events, while your other two office days are flexible to suit your schedule.

Similar jobs

Senior Security Engineer

Zermount, Inc.United States· 4 wk ago
RemoteInformation Technologyapply on zermount.isolvedhire.com

Senior Security Engineer

IrriWatchCarlsbad, CA· 2 mo ago
Information Technology$160k–$180k/yrapply on careers.hydrosat.com