Staff Engineer, GRC

About OpenLoop

OpenLoop was co-founded by CEO, Dr. Jon Lensing, and COO, Christian Williams, with the vision to bring care anywhere. Our telehealth support solutions are thoughtfully designed to streamline and simplify go-to-market care delivery for companies offering meaningful virtual support to patients across an expansive array of specialties, in all 50 states.

About the Role

OpenLoop's mission is to bring care anywhere by powering tele-health solutions at scale. The Security Governance, Risk, and Compliance (GRC) team builds the guardrails that let OpenLoop move fast while managing risk — enterprise risk management, security compliance, third-party risk, business resilience, and AI governance.

We are hiring a GRC Engineer to sit at the intersection of security governance and technical automation. You will build the systems, integrations, and automated workflows that power OpenLoop's GRC program — from continuous evidence collection and control testing in Vanta, to AI governance operations supporting our AI Governance Council, to the business intelligence dashboards that give security leadership and the broader security organization real-time visibility into posture, risk, and program health.

What You'll Do:

• Design, build, and maintain automated evidence collection and continuous control testing workflows in Vanta and supporting tools.

• Develop and operate GRC automation pipelines using Claude Code and similar AI-assisted development tools — writing scripts, building integrations, and eliminating manual compliance processes at speed.

• Build and maintain business intelligence dashboards and metrics reporting for the Security GRC team and broader security organization — including security posture, issue tracking, exception management, risk trends, and program delivery metrics.

• Develop integrations between GRC platforms, cloud environments (AWS, GCP), identity providers, and business systems to automate compliance data flows.

• Operationalize the AI Governance Council's review process — build intake workflows, risk assessment tooling, and tracking for AI use case governance.

• Develop and maintain AI risk assessment frameworks and guardrails aligned to NIST AI RMF, ISO 42001, and emerging regulatory requirements.

• Support SOC 2 Type II, HITRUST, HIPAA SRA/PRA, and other audit and assurance activities, through automated evidence preparation and control documentation.

• Write scripts and build tooling (Python, APIs, workflow platforms, AI-assisted coding tools) to reduce cycle time and focus on scaling

• Maintain and improve the control framework — map controls to obligations, identify gaps, and automate testing where possible.

• Partner with SecOps, IT, Privacy, and Engineering teams to integrate GRC requirements into their toolchains and workflows.

• Support enterprise risk management activities including risk register maintenance, KRI automation, and risk reporting.

• Define and track key metrics across the security organization — translating raw data into executive-ready insights that drive decisions and demonstrate program maturity.

• Other duties as assigned.

Who You Are

Required Qualifications

• 5+ years of combined experience in GRC, security engineering, or compliance automation, with demonstrated ability to build automated workflows and integrations.

• Experienced cloud security engineer that has moved into governance, believing that in automated GRC best practices

• Hands-on experience automating GRC workflows using Claude Code or similar AI-assisted development tools (e.g., Cursor, GitHub Copilot). Must be able to demonstrate practical AI-assisted automation work.

• Hands-on experience with GRC platforms, preferably Vanta. Ability to configure, customize, and extend platform capabilities.

• Proficiency in Python scripting and REST API integration for evidence collection, data transformation, and workflow automation.

• Strong business intelligence and data visualization skills — experience building dashboards and metrics reporting (Looker, Tableau, Power BI, or similar) for security or risk programs.

• Strong understanding of control frameworks (SOC 2, HITRUST, HIPAA, NIST CSF) and how to operationalize them through tooling.

• Working knowledge of AI/ML risk frameworks (NIST AI RMF, ISO 42001) and practical experience with AI governance processes.

• Experience with cloud platforms (AWS or GCP) including security configuration review and evidence collection

• Self-directed and comfortable operating with high autonomy in a lean, fast-paced environment.

Preferred Qualifications

• Experience supporting AI governance councils or responsible AI programs.

• Familiarity with data governance frameworks (CDMC, DAMA DMBOK) and data quality/availability standards.

• CISSP, CISA, CCSK, or equivalent certifications.

• Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD pipeline security.

• Background in healthcare, fintech, or other regulated industries.

• Experience building executive-level security metrics programs or security scorecards.

Our Benefits

In addition, for salaried positions you would also be eligible for:

• Medical, Dental, and Vision plans

• Flexible Spending/Health Savings Accounts

• Flexible PTO

• 401(k) + Company Match

• Life Insurance, Pet insurance, and more

Our Company

We have a relatively flat organizational structure here at OpenLoop. Everyone is encouraged to bring ideas to the table and make things happen. This fits in well with our core values of Autonomy, Competence and Belonging, as we want everyone to feel empowered and supported to do their best work.

Sound like a good fit? We’d love to meet you.