Senior GRC Engineer

Senior GRC Engineer

Lantern is seeking a Senior GRC Engineer to build compliance infrastructure across security engineering, AI governance, and healthcare compliance. The role focuses on writing code to solve compliance problems, automating evidence collection, and governing AI systems deployed on the benefits platform.

Location: Hybrid – at least 3 days per week in Dallas, TX offices.

• Write scripts (Python, SQL, APIs) to pull evidence directly from source systems (AWS, Azure, IAM platforms, endpoint agents, CI/CD pipelines) and eliminate manual evidence collection.
• Build and maintain continuous control monitoring workflows integrated into engineering pipelines.
• Design compliance‑as‑code and policy‑as‑code solutions; own the technical architecture of automated control testing.
• Operate and extend the GRC platform (e.g., Service Now GRC, Drata, One Trust) as an engineer, including building integrations and automating evidence routing.
• Build and maintain Lantern’s AI risk register and AI systems inventory, and perform pre‑deployment risk assessments for new AI use cases.
• Implement AI governance controls aligned to the NIST AI RMF, focusing on model risk, bias, transparency, and accountability.
• Monitor HHS AI policy, EU AI Act, and state‑level regulations; translate emerging requirements into automatable controls.
• Govern AI systems used within the GRC function, such as LLM‑powered evidence analysis tools.
• Own the HIPAA Privacy and Security compliance program: risk assessments, remediation tracking, workforce training coordination, and ongoing monitoring.
• Support HITRUST CSF certification and SOC 2 Type II audit cycles by building automated evidence pipelines.
• Map the control environment against NIST CSF, identify gaps, and build a prioritized, automatable remediation roadmap.
• Build and maintain the enterprise risk register with automated KRI tracking and outcome‑based reporting for leadership.
• Run the third‑party risk management (TPRM) program with continuous monitoring; conduct vendor risk assessments focusing on cloud vendors handling PHI and AI/ML vendors embedding models.

• 5+ years in GRC, information security, or compliance engineering, with at least 3 years in healthcare or health‑tech.
• Demonstrated ability to write code that extracts evidence directly from systems, not just configure workflow tools.
• Experience building something using an LLM or AI framework: a working tool or prototype.
• Engineer mindset: seek to eliminate manual compliance processes through automation.

• Continuous control monitoring integrated into CI/CD or cloud infrastructure.
• Proficiency in Python, SQL, or equivalent for data extraction, risk scoring, and compliance automation.
• Experience with cloud security controls in Azure.

• CISA, CRISC, CISM, or CISSP.
• HITRUST CCSFP.

• Medical, dental, and vision insurance.
• Short‑ and long‑term disability.
• Life insurance.
• 401(k) with company match.
• Flexible time off.
• Paid parental leave.

Lantern does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.