Lantern is the specialty care platform connecting people with the best care when they need it most. By curating a Network of Excellence comprised of the nation's top specialists for surgery, cancer care, infusions and more, Lantern delivers excellent care with significant cost savings to employers and their workforces. Lantern also pairs members with a dedicated care team, including Care Advocates and nurses, for the entirety of their care journey, helping them get back to good health, back to their families and back to work. With convenient access to specialists nationwide, Lantern means quality care is within driving distance for most. Lantern is trusted by the nation's largest employers to deliver care to more than 6 million members across the country. Learn more about us at lanterncare.com.
About You:
- You use LOGIC in your decision making and understand that progress is critical to making change. You focus on the execution of your content while balancing a fast-paced environment and you take the time to celebrate both the small & big wins.
- INCLUSION is a core tenant of your personal beliefs. A diverse and inclusive environment is incredibly important to you. You understand and desire to be a part of a diverse team with different experiences and perspectives & you cherish the differences in each individual that you interact with.
- You have the GRIT, drive and ambition to tackle big problems. Big problems require big ideas and a team that supports new ideas.
- You care deeply for your customers are driven to keep HUMANITY in all decisions. Your customers aren’t just the individuals using your product. They are the driving factor in your motivation to make a change.
- Integrity guides you in life. Focusing on the TRUTH vs. giving people the answers they want to hear.
- You thrive in a Team Environment. Collaboration is key in innovation and creating change.
These pillars of LIGHT are a reminder to our team that we are making a difference by providing guidance and support in navigating the often complex and confusing landscape of healthcare. We hope that through this LIGHT, individuals can find their way to the best care, resources, and support they need to get back to life.
If this sounds like you, we would love to connect to speak further about career opportunities at Lantern.
Please apply to our role & someone from our Talent Acquisition Team will reach out to help you navigate our interview process.
Lantern is seeking a Senior GRC Engineer to join our GRC team as a key individual contributor. This role is built specifically for someone who builds compliance infrastructure, not just manages it. You will report to the Sr. GRC Manager and work at the intersection of security engineering, AI governance, and healthcare compliance across our benefits platform.
This is not a checkbox compliance role. We are deploying AI across our platform to improve how members access specialty care, and we need a GRC engineer who writes code to solve compliance problems, builds automation that eliminates manual evidence collection, and can govern the AI systems we are actively deploying. If you think in systems, reach for Python before a spreadsheet, and want to shape what a modern GRC function looks like, this role was built for you.
Location: Hybrid - at least 4 days/wk in our Dallas, TX offices
Responsibilities:
Compliance Automation & Evidence Engineering
- Write scripts (Python, SQL, APIs) to pull evidence directly from source systems (AWS, Azure, IAM platforms, endpoint agents, CI/CD pipelines), eliminating manual evidence collection
- Build and maintain continuous control monitoring workflows integrated into engineering pipelines, not just GRC platforms
- Design compliance-as-code and policy-as-code approaches; own the technical architecture of how controls are tested automatically
- Operate and extend the GRC platform (ServiceNow GRC, Drata, OneTrust, or equivalent) as an engineer, not just a user, including building integrations and automating evidence routing
AI Governance
- Build and maintain Lantern’s AI risk register and AI systems inventory, including pre-deployment risk assessments for new AI use cases across our benefits platform in partnership with Engineering and Product
- Implement AI governance controls aligned to the NIST AI RMF, covering model risk, bias, transparency, and accountability, with a bias toward automated monitoring over manual review
- Monitor HHS AI policy, EU AI Act, and state-level regulation; translate emerging requirements into actionable, automatable controls
- Govern AI systems used within the GRC function itself, including any LLM-powered evidence analysis or control monitoring tools
Healthcare Compliance
- Own the HIPAA Privacy and Security compliance program: risk assessments, remediation tracking, workforce training coordination, and ongoing monitoring
- Support HITRUST CSF certification and SOC 2 Type II audit cycles as a technical contributor, building automated evidence pipelines rather than collecting evidence manually
- Map the control environment against NIST CSF; identify gaps and build a prioritized, automatable remediation roadmap
Risk & Vendor Management
- Build and maintain the enterprise risk register with automated KRI tracking and outcome-based reporting for leadership
- Run the third-party risk management (TPRM) program with a continuous monitoring posture: automated vendor monitoring rather than point-in-time assessments
- Conduct vendor risk assessments with emphasis on cloud vendors handling PHI and AI/ML vendors embedding models into products we purchase
Requirements:
- 5+ years in GRC, information security, or compliance engineering, with at least 3 years in healthcare or health-tech
- Demonstrated ability to write code that extracts evidence directly from systems (Azure, IAM, endpoints, APIs), not just configure workflow tools
- Has built something using an LLM or AI framework: a working tool, even a prototype.
- Thinks like an engineer first: sees a manual compliance process and asks how to eliminate it, not how to document it better
Technical Skills:
- Experience with continuous control monitoring, integrating compliance checks into CI/CD or cloud infrastructure
- Working knowledge of Python, SQL, or equivalent for data extraction, risk scoring, and compliance automation
- Experience with cloud security controls in Azure
Certifications (Preferred)
- CISA, CRISC, CISM, or CISSP
- HITRUST CCSFP a strong plus
Strong Candidates Will:
- Build systems, not checklists. Manual processes are temporary; automation is the goal
- Move with urgency and precision, flagging risk before it becomes an issue
- Balance rigor with pragmatism, enabling the organization to move fast while staying protected
- Communicate clearly to both technical and non-technical audiences without losing nuance
- Bring genuine curiosity about AI. Follow the space and have formed opinions
- Embody Lantern’s LIGHT pillars (Logic, Inclusion, Grit, Humanity, Truth) in every interaction
Benefits
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Short & Long Term Disability
- Life Insurance
- 401k with company match
- Flexible Time Off
- Paid Parental Leave
Lantern does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.
Skills Required
- 5+ years in GRC, information security, or compliance engineering
- 3 years in healthcare or health-tech
- Ability to write code that extracts evidence from systems
- Experience with continuous control monitoring
- Working knowledge of Python, SQL, or equivalent
What We Do
Headquartered in Dallas, Texas, Employer Direct Healthcare™ (EDH) is an innovative healthcare services company that provides high-quality, cost-effective solutions to self-insured employers through two core products, SurgeryPlus™ and CareCentral™. Whether it is SurgeryPlus or CareCentral™, our Care Advocates are the heart of our business. Beginning with the first time they call in, members are paired with a dedicated Care Advocate, who serves as their personal full-service healthcare concierge for as long as they are enrolled in our services. As experts on each of our members’ medical plans, our Care Advocates truly handle it all, from locating the best providers for a member’s specific needs, to coordinating any logistics and scheduling all of their appointments. SurgeryPlus™ is a valuable supplemental surgery benefit that transforms the way employers provide and pay for their employees’ planned medical procedures. With SurgeryPlus™, we pre-negotiate bundled rates for thousands of non-emergent surgical procedures, which allows us to generate significant savings for both employers and their employees. With this benefit, members have access to our full-service healthcare concierge services and our exclusive national network of 100% board certified physicians representing numerous specialties, including orthopedics, sports medicine, spine, general surgery, gastroenterology, women’s health/GYN, bariatrics, ear, nose and throat (ENT), cardiac and more. CareCentral™ is a full-service healthcare concierge service that is designed to assist members in understanding and navigating all of their healthcare decisions, from something as simple as answering a benefits-related question or locating a primary care provider, to something as complex as coordinating treatment for conditions such as cancer, transplants, chronic conditions, surgeries and more. When it comes to the ways CareCentral™ can assist members with their healthcare needs, the sky is the limit!
