Healthcare Systems of America

GRC Vulnerability Engineer

Healthcare Systems of America, Coral Gables, Florida, United States

WE ARE HEALTHCARE SYSTEMS OF AMERICA.

Our mission is to elevate healthcare standards, improve patient outcomes, and create value for communities across the United States. Healthcare Systems of America (HSA) is more than a healthcare provider - we're a community built on excellence, innovation, and compassion. If you're looking for a career that makes a difference, empowers you to grow, and gives you the opportunity to impact lives, HSA is where you belong.

Healthcare Systems of America operates 8 community hospitals across 3 states. We service a multitude of patients and their families across our vast network, while remaining committed to the professional development of our staff, the functional improvement of our patients, and the cultivation of strong partnerships within our communities.

WHAT WE OFFER

Career Growth & Development - We are an essential, stable and growing company with many opportunities for training and advancement within the medical field that all employees and team members can benefit from.

Supportive & Inclusive Culture - We foster an environment where every team member is valued, heard, and empowered to succeed.

Meaningful Work - Every day, you'll contribute to patient care, cutting-edge medical solutions, and life-changing treatment and technologies.

POSITION SUMMARY

The GRC Vulnerability Engineer is responsible for assessing, managing, and tracking vulnerabilities across the organization's IT systems while ensuring alignment with governance, risk, and compliance frameworks. This role bridges cybersecurity operations with GRC functions to ensure that vulnerability management supports risk mitigation strategies and meets regulatory requirements, especially in a healthcare environment governed by HIPAA, HITECH, and NIST standards.

PRIMARY RESPONSIBILITIES

Vulnerability Management

Perform regular vulnerability scans across servers, endpoints, and cloud environments using industry-standard tools.

Analyze scan results, prioritize findings based on risk, and track remediation to resolution.

Partner with IT and engineering teams to validate and mitigate identified vulnerabilities.

Establish metrics and reporting on vulnerability trends and remediation progress.

Risk and Compliance Alignment

Map vulnerabilities to risk registers and compliance requirements (HIPAA, HITECH, NIST 800-53/CSF).

Assist in documenting and updating risk assessment reports related to system weaknesses or known threats.

Provide technical insights during third-party audits and risk assessments.

Maintain documentation of all vulnerability management activities and support audit readiness.

Governance & Controls

Contribute to the development and enforcement of security policies and technical standards.

Ensure consistent application of security controls across systems and networks.

Recommend and implement best practices for patching and system hardening.

Collaborate with the GRC team to support security awareness and control enforcement programs.

EXPERIENCE/EDUCATION REQUIREMENTS

Bachelor's degree in Cybersecurity, Information Technology, or related field.

3+ years of experience in vulnerability management, security engineering, or GRC roles.

Strong knowledge of vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, Nessus).

Familiarity with compliance frameworks and regulations: HIPAA, HITECH, NIST, CIS Controls.

Ability to communicate technical issues and risk to non-technical stakeholders.

Solid understanding of operating systems, networking, and cloud infrastructure security.

Preferred Qualifications

Certifications such as CISSP, CEH, GSEC, CRISC, or CompTIA Security+.

Experience working in a healthcare environment or regulated industry.

Familiarity with GRC platforms (e.g., FortifyData, ServiceNow GRC, Archer, OneTrust).

Experience with automated patch management and system hardening tools.