Senior GRC Engineer
Accepting applications
Lantern · Dallas, TX
Full-Time · Mid-Senior · AI · Python · SOC
Posted: 1d ago
Category: Test
Experience: Mid-Senior
Country: United States
About Lantern
Lantern is the specialty care platform connecting people with the best care when they need it most. By curating a Network of Excellence comprised of the nation's top specialists for surgery, cancer care, infusions and more, Lantern delivers excellent care with significant cost savings to employers and their workforces. Lantern also pairs members with a dedicated care team, including Care Advocates and nurses, for the entirety of their care journey, helping them get back to good health, back to their families and back to work. With convenient access to specialists nationwide, Lantern means quality care is within driving distance for most. Lantern is trusted by the nation's largest employers to deliver care to more than 6 million members across the country. Learn more about us at lanterncare.com.
About You:
You use LOGIC in your decision making and understand that progress is critical to making change. You focus on the execution of your content while balancing a fast-paced environment and you take the time to celebrate both the small & big wins.
INCLUSION is a core tenet of your personal beliefs. A diverse and inclusive environment is incredibly important to you. You understand and desire to be a part of a diverse team with different experiences and perspectives & you cherish the differences in each individual that you interact with.
You have the GRIT, drive and ambition to tackle big problems. Big problems require big ideas and a team that supports new ideas.
You care deeply for your customers and are driven to keep HUMANITY in all decisions. Your customers aren’t just the individuals using your product. They are the driving factor in your motivation to make a change.
Integrity guides you in life. You focus on the TRUTH vs. giving people the answers they want to hear.
You thrive in a Team Environment. Collaboration is key in innovation and creating change.
These pillars of LIGHT are a reminder to our team that we are making a difference by providing guidance and support in navigating the often complex and confusing landscape of healthcare. We hope that through this LIGHT, individuals can find their way to the best care, resources, and support they need to get back to life.
If this sounds like you, we would love to connect to speak further about career opportunities at Lantern.
Please apply to our role & someone from our Talent Acquisition Team will reach out to help you navigate our interview process.
Lantern is seeking a Senior GRC Engineer to join our GRC team as a key individual contributor. This role is built specifically for someone who builds compliance infrastructure, not just manages it. You will report to the Sr. GRC Manager and work at the intersection of security engineering, AI governance, and healthcare compliance across our benefits platform.
This is not a checkbox compliance role. We are deploying AI across our platform to improve how members access specialty care, and we need a GRC engineer who writes code to solve compliance problems, builds automation that eliminates manual evidence collection, and can govern the AI systems we are actively deploying. If you think in systems, reach for Python before a spreadsheet, and want to shape what a modern GRC function looks like, this role was built for you.
Location: Hybrid - at least 4 days/wk in our Dallas, TX offices
Responsibilities:
Compliance Automation & Evidence Engineering
Write scripts (Python, SQL, APIs) to pull evidence directly from source systems (AWS, Azure, IAM platforms, endpoint agents, CI/CD pipelines), eliminating manual evidence collection
Build and maintain continuous control monitoring workflows integrated into engineering pipelines, not just GRC platforms
Design compliance-as-code and policy-as-code approaches; own the technical architecture of how controls are tested automatically
Operate and extend the GRC platform (ServiceNow GRC, Drata, OneTrust, or equivalent) as an engineer, not just a user, including building integrations and automating evidence routing
AI Governance
Build and maintain Lantern’s AI risk register and AI systems inventory, including pre-deployment risk assessments for new AI use cases across our benefits platform in partnership with Engineering and Product
Implement AI governance controls aligned to the NIST AI RMF, covering model risk, bias, transparency, and accountability, with a bias toward automated monitoring over manual review
Monitor HHS AI policy, EU AI Act, and state-level regulation; translate emerging requirements into actionable, automatable controls
Govern AI systems used within the GRC function itself, including any LLM-powered evidence analysis or control monitoring tools
Healthcare Compliance
Own the HIPAA Privacy and Security compliance program: risk assessments, remediation tracking, workforce training coordination, and ongoing monitoring
Support HITRUST CSF certification and SOC 2 Type II audit cycles as a technical contributor, building automated evidence pipelines rather than collecting evidence manually
Map the control environment against NIST CSF; identify gaps and build a prioritized, automatable remediation roadmap
Risk & Vendor Management
Build and maintain the enterprise risk register with automated KRI tracking and outcome-based reporting for leadership
Run the third-party risk management (TPRM) program with a continuous monitoring posture: automated vendor monitoring rather than point-in-time assessments
Conduct vendor risk assessments with emphasis on cloud vendors handling PHI and AI/ML vendors embedding models into products we purchase
Requirements:
5+ years in GRC, information security, or compliance engineering, with at least 3 years in healthcare or health-tech
Demonstrated ability to write code that extracts evidence directly from systems (Azure, IAM, endpoints, APIs), not just configure workflow tools
Has built something using an LLM or AI framework: a working tool, even a prototype.
Thinks like an engineer first: sees a manual compliance process and asks how to eliminate it, not how to document it better
Technical Skills:
Experience with continuous control monitoring, integrating compliance checks into CI/CD or cloud infrastructure
Working knowledge of Python, SQL, or equivalent for data extraction, risk scoring, and compliance automation
Experience with cloud security controls in Azure
Certifications (Preferred)
CISA, CRISC, CISM, or CISSP
HITRUST CCSFP a strong plus
Strong Candidates Will:
Build systems, not checklists. Manual processes are temporary; automation is the goal
Move with urgency and precision, flagging risk before it becomes an issue
Balance rigor with pragmatism, enabling the organization to move fast while staying protected
Communicate clearly to both technical and non-technical audiences without losing nuance
Bring genuine curiosity about AI. Follow the space and have formed opinions
Embody Lantern’s LIGHT pillars (Logic, Inclusion, Grit, Humanity, Truth) in every interaction
Benefits
Medical Insurance
Dental Insurance
Vision Insurance
Short & Long Term Disability
Life Insurance
401k with company match
Flexible Time Off
Paid Parental Leave
Lantern does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.