Skip to main content
TryApplyNow
Oscar logo

Senior Security Engineer I, GRC

Oscar
Full TimeseniorHybrid
New York, New York, United StatesPosted 5 days ago

Role Overview

Oscar is hiring a Senior Security Engineer I, GRC. This is a full-time hybrid role, based in New York, New York. Part of Oscar's Risk hiring, posted 5 days ago. Full responsibilities, required qualifications, and the apply link are listed in the description below.

Salary Context

Salary is not disclosed in this posting. Market median for Senior-level Risk roles is $140k-$170k (based on 117 comparable listings). Many employers share specifics during the interview process or after an initial screen.

Resume Keywords to Include

Make sure these keywords appear in your resume to improve ATS scoring

CI/CDSOXHIPAATelemetryORDesign SystemsRisk ManagementBenefits

Job description

Hi, we're Oscar. We're hiring a Senior Security Engineer 1, GRC to join our Security Team.

Oscar is the first health insurance company built around a full stack technology platform and a relentless focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

About the role:

The Principal GRC Engineer designs and operates the systems that enable continuous security assurance, deep risk visibility, and scalable regulatory compliance. Rather than managing documentation or preparing for audits, this role engineers the infrastructure that allows the organization to demonstrate security and compliance continuously through automation, telemetry, and self-evidencing controls.

Operating at the intersection of security engineering, platform engineering, risk management, and regulatory assurance, you will embed governance and control validation directly into how systems are built and operated. By connecting controls, operational telemetry, engineering workflows, and risk signals, you will surface patterns and relationships that traditional GRC programs cannot see, creating a feedback loop where security intelligence continuously informs engineering guardrails and platform architecture.

You will report into the Sr. Manager GRC.

Work Location: This position is based in our New York City office, requiring a hybrid work schedule with 3 days of in-office work per week. Thursdays are a required in-office day for team meetings and events, while your other two office days are flexible to suit your schedule. 

Pay Transparency: The base pay for this role is: $163,944 per year - $215,176 per year. You are also eligible for employee benefits, participation in Oscar's unlimited vacation program, company equity grants and annual performance bonuses.

Responsibilities:

  • Design systems that continuously measure and validate security controls through operational telemetry, automated evidence generation, and control health monitoring.
  • Build automation and orchestration across security tools, cloud platforms, and engineering systems to eliminate manual compliance processes and reduce audit overhead.
  • Translate governance expectations into machine-enforceable guardrails embedded within infrastructure platforms, CI/CD pipelines, and engineering workflows.
  • Apply automation, orchestration, and AI-assisted capabilities to scale governance workflows, enabling intelligent analysis and adaptive control systems.
  • Architect control and telemetry pipelines where operational systems produce the evidence required for regulatory assurance and audit readiness.
  • Compliance with all applicable laws and regulations 
  • Other duties as assigned 

Requirements:

  • 4+ years experience in Technology related field. 
  • 4+ years experience in Security Engineering.

Bonus points:

  • Familiarity with industry standards and compliance frameworks (such as SOC, SOX., NIST, HIPAA) and experience in ensuring organizational adherence to these standards.
  • Certifications such as CISSP, CISM, CISA, CEH, or vendor-specific certifications.
  • Proficiency in managing security projects, including planning, execution, and successful delivery within timelines and budgets.
  • 4+ years of experience in Security Engineering, DevSecOps, or Site Reliability Engineering (SRE), with at least 3 years specifically focused on GRC automation or internal security tooling.

 

This is an authentic Oscar Health job opportunity. Learn more about how you can safeguard yourself from recruitment fraud here

At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves and find both belonging and support. We're on a mission to change health care -- an experience made whole by our unique backgrounds and perspectives.

Pay Transparency:  Final offer amounts, within the base pay set forth above, are determined by factors including your relevant skills, education, and experience. Full-time employees are eligible for benefits including: medical, dental, and vision benefits, 11 paid holidays, paid sick time, paid parental leave, 401(k) plan participation, life and disability insurance, and paid wellness time and reimbursements.

Artificial Intelligence (AI): Our AI Guidelines outline the acceptable use of artificial intelligence for candidates and detail how we use AI to support our recruiting efforts.

Reasonable Accommodation: Oscar applicants are considered solely based on their qualifications, without regard to applicant’s disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (accommodations@hioscar.com) to make the need for an accommodation known.

California Residents: For information about our collection, use, and disclosure of applicants’ personal information as well as applicants’ rights over their personal information, please see our Privacy Policy.

About Oscar

Oscar logo

Oscar

hioscar.com

RiskHybrid

257 other open roles at Oscar on TryApplyNow.

Frequently Asked Questions

How do I apply for the Senior Security Engineer I, GRC position at Oscar?

Use the Apply button above to submit your application directly to Oscar. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.

Is the Senior Security Engineer I, GRC role at Oscar remote or in-office?

This is a hybrid role based in New York, New York. Expect a mix of in-office and remote days, with the specific cadence set by the hiring manager.

What does a Senior Security Engineer I, GRC at Oscar earn?

Oscar has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.

When was the Senior Security Engineer I, GRC role at Oscar posted?

This role was posted on July 8, 2026 (5 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.

How much experience does the Senior Security Engineer I, GRC role at Oscar require?

This is a senior-level position. Most senior roles call for 5+ years of directly relevant experience. Oscar lists their specific requirements in the description below, so review the must-have qualifications closely before applying.

AI-powered job search

Get every job scored to your resume

Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.

Get started free

No credit card to start