Risk & Compliance Engineer
Description
Position at WebMD
WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org and Medscape Education. Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.WebMD is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race, ancestry, color, religion, sex, gender, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veterans status, or any other basis protected by law.
About the role:
As a Vendor Risk & Compliance Engineer, you will be uniquely positioned to enhance Vendor risk program using AI that keeps our vendors and products aligned to frameworks such as NIST, HIPAA, and SOC2. You'll lead and conduct vendor security risk assessments end to end — integrate AI to improve accuracy, evaluate control effectiveness, quantify risk to the business, and partner with risk owners to drive it down.
Working under the Sr. Director of Privacy and Compliance, you will also own risk reporting for the team in OneTrust: keeping risk managers accountable for remediation and building the KRIs and KPIs that show leadership how we're trending. Beyond the day-to-day, you'll improve our assessment methodology and questionnaires and maintain them in OneTrust.
The ideal candidate demonstrates the ability to continuously identify & integrate AI to improve all aspects of the program, strong and practical GRC fundamentals and the judgment to prioritize real risk reduction over check-the-box control work.
What you'll do:
- Continuous improvement using AI into all aspects of vendor risk management
- Lead and independently prioritize a range of vendor security risk assessments — scoped by service type and integration profile (HIPAA, infrastructure, application, etc.) — to verify compliance with contracts and internal security policies and standards.
- Coordinate vendor information risk activities across procurement, legal, and the business, including assessment criteria and re-assessments, with a focus on SOC 2-dependent vendors.
- Partner with risk owners to design and negotiate risk treatment plans that prioritize genuine risk reduction over check-the-box control enhancements, and track them to closure.
- Lead vendor risk reviews in bi-weekly management meetings to drive accountability for remediation.
- Own risk reporting in OneTrust: ensure risk managers are tracking remediations, and develop and maintain KRIs and KPIs.
- Build, maintain, and improve assessment methodology and questionnaires based on NIST 800-53r5 and the NIST RMF.
- Embed security-by-design into projects and products to mitigate risk before it materializes.
- Support internal assessments and external audits.
What you'll bring:
- AI Proficiency aiming to improve accuracy and accelerate process improvement
- 4 –6 years leading vendor and third-party risk assessments (security, vendor, HIPAA, etc.) and managing identified risks to resolution. Security Assurance / Assessments experience is also acceptable
- Strong, practical command of risk and control concepts and GRC frameworks — NIST RMF, NIST 800-53r5, and related standards.
- Experience leading discussions with risk owners to develop, negotiate, and close out risk treatment plans.
- Hands-on experience with GRC / risk / compliance tooling (e.g., OneTrust, Archer).
- Experience building and maintaining organizational security risk metrics.
- Strong written and verbal communication and the organizational skills to manage competing deadlines with limited oversight.
- Ability to work independently while fostering cross-functional collaboration, with a consistent customer-first mindset and solid business acumen.
- Bachelor's or advanced degree in a Science, Engineering, Information Systems, or Cybersecurity field (preferred, not required).
Nice to have:
- Familiarity with AI/agentic systems and emerging AI governance frameworks (e.g., NIST AI RMF, ISO/IEC 42001) — helpful for assessing AI vendors, but not required.
- Relevant certifications (e.g., CISA, CRISC, CISSP, CCSP).
Salary range: $82,000 - $97,000
Bonus Eligible: This position is also eligible for a discretionary company bonus, based upon business results.
Benefits:
- Employees in this position are eligible to participate in the company sponsored benefit programs, including the following within the first 12 months of employment:
- Health Insurance (medical, dental, and vision coverage)
- Paid Time Off (including vacation, sick leave, and flexible holiday days)
- 401(k) Retirement Plan with employer matching
- Life and Disability Insurance
- Employee Assistance Program (EAP)
- Commuter and/or Transit Benefits (if applicable)
Eligibility for specific benefits may vary based on job classification, schedule (e.g., full-time vs. part-time), work location and length of employment.
Recommended Jobs
CT Scan Technologist Full Time
Job Description Responsible for producing cross-section images of patients' internal organs and tissues for the diagnosis of medical issues. Interprets a physician's scanning instructions, adminis…
Part-time Classroom Aide - Morning Shift ( 7AM to 12 Noon)
Job Description Job Description Part-time Aide – The Goddard School – Parsippany, NJ Job Description The Goddard School® of Parsippany, an early childhood education center, is currently …
Janitor
Job Description Job Description Overview Join Diversified Maintenance! We’re committed to delivering exceptional cleaning, landscaping, and restoration services for commercial facilities. Be p…
New Store - Prepared Foods Team Member (Deli Service Counter & Culinary Venues) - Full Time - Montgomery Township, New Jersey - Opening Late Summer 2026
Provides support as a member of the Prepared Foods team to include preparation, counter service, sanitation, and stocking of products. All Whole Foods Market Retail jobs require ensuring a positive…
Technical Support Part Time/Internship (Mandarin/English Bilingual)
Job Description Job Description Neoden USA is looking for a motivated and technically curious Mandarin/English bilingual person to join our team in Ringwood, NJ. This is also an excellent opportu…
CNC & Manual Lathe Machinist
Job Details: CNC & Manual Lathe Machinist Description: My client is seeking a highly experienced Manual & CNC Machinist to join the team. The ideal candidate will have 5+ years of hands-on e…
Work from Home: Life & Health Insurance Opportunities Await!
Tired of Trading Time for Money? If you’re motivated, coachable, and open to learning a new skill, we’re mentoring individuals into the life insurance industry. ✔️ No prior experience require…
Front Counter Assistant - Service Advisor Career Path
Job Description Job Description Salary: $18-$22 based on experience Little Falls Auto Service is hiring a Front Counter Assistant who wants a real career path into a Service Advisor role. …
Cashier/ Runner/ Barista
Job Description Job Description City Rub Cafe Newark Liberty International Airport 3 Brewster Rd Newark, NJ 07114 CASHIER Role Purpose To present a positive first impression of Ja…
Driver - Local
Job Description Job Description Company Overview: NRS is a leading provider of transportation & supply chain solutions. As a family-owned and operated company, NRS has delivered smart logist…