Senior Security Engineer – Governance, Risk & Compliance (GRC)/CISO/Security Officer
Hybrid in Austin, TX, US • Posted 6 hours ago • Updated 6 hours ago

MARKS IT SOLUTIONS LLC
Job Details
Skills
- NIST 800-53
- Vulnerability Assessment
- Vulnerability Management
- System Security
- Security Architecture
- Auditing
- Cloud Computing
- Cloud Security
Summary
Job Role: Senior Security Engineer – Governance, Risk & Compliance (GRC)
Location: Austin TX (Hybrid)
This role focuses on leading enterprise security governance, compliance, and risk management initiatives with a strong emphasis on System Security & Privacy Plans (SSP/SSPP). The position bridges technical security operations and regulatory compliance, ensuring audit readiness, effective vulnerability remediation, and secure delivery of public-facing services across complex, multi-platform environments.
Responsibilities
(Including but not limited to)
• Lead end-to-end development, maintenance, and updates of System Security & Privacy Plans (SSP/SSPP) for enterprise systems.
• Drive remediation efforts through POA&M management, ensuring timely closure of compliance gaps.
• Translate penetration testing and vulnerability assessment findings into actionable remediation EPICs and user stories.
• Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and documented evidence.
• Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation tracking.
• Provide governance oversight for endpoint protection, web application security, and cloud security controls.
• Produce assessor-ready documentation, including control configurations, monitoring evidence, approvals, and incident traceability.
• Support continuous audit readiness efforts and reduce repeat findings through structured governance and documentation practices.
• Collaborate across cross-functional teams to ensure compliance alignment with enterprise and regulatory standards.
Required Qualifications
• 12+ years of experience with deep focus on Governance, Risk, and Compliance (GRC), Enterprise Security, Security Architecture, Vulnerability Management, Penetration Testing, and Cloud/Hybrid Security.
• 10+ years of proven experience owning SSP development end-to-end.
• 10+ years of hands-on experience with CMS MARS-E v2.2 or comparable federal/state security frameworks.
• 10+ years of expertise in control implementation documentation, audit evidence collection and validation, and POA&M creation/tracking/remediation management.
• 8+ years of experience translating technical security issues into compliance-aligned remediation actions.
• 8+ years of stakeholder management experience across security, infrastructure, and application teams.
• 8+ years of strong written and verbal communication skills, including executive-level reporting.
• 8+ years of knowledge of NIST 800-53, NIST RMF, and privacy controls.
• 8+ years of experience with Secure SDLC and DevSecOps practices.
Preferred Qualifications
• 5+ years of experience operating in multi-vendor, multi-platform environments.
• 5+ years of demonstrated success reducing repeat audit findings and improving compliance maturity.
• 5+ years of experience mentoring or guiding teams on security governance best practices.
• Experience supporting HHSC systems, including SSP development and compliance.
- Dice Id: 91171094
- Position Id: Austin TX
Company Info
MARKS IT Solutions is a trusted partner in delivering agile and scalable workforce solutions across Technology and Business domains. We specialize in Recruitment Process Outsourcing (RPO), MSP/VMS staffing, International Talent Solutions, and comprehensive Managed Services, helping top employers build and manage high-performing teams worldwide.