Security Governance & Risk Engineering Lead

United States, New York
Permanent
Job ID: 2437

Job Description


[Up to c. $400k Comp Package | Hybrid Working]


Role Overview

We’re partnering with a globally recognised quantitative trading firm to appoint a senior Security Governance & Risk leader within its Information Security function. This is not a policy-only GRC role. The mandate combines governance leadership, regulatory strategy, and technical automation. You will oversee global security governance across multiple jurisdictions while building scalable, data-driven compliance capabilities that integrate directly into the firm’s engineering-led culture. This requires a leader who can translate regulatory complexity into practical, measurable security outcomes.

You will manage a specialised GRC engineering team and work closely with Legal, Compliance, and senior technical stakeholders to ensure the firm’s security posture remains aligned with evolving global regulatory requirements.


Key Responsibilities

  • Lead and develop a security governance and risk engineering function across global entities
  • Define and execute the firm’s security governance strategy in alignment with international regulatory frameworks
  • Oversee internal and external control assessments using recognised standards (e.g. NIST, CIS, ISO or equivalent)
  • Conduct structured risk assessments and threat modelling exercises across technical environments
  • Establish measurable compliance KPIs and build reporting frameworks suitable for executive and board-level audiences
  • Drive automation initiatives across governance workflows, reducing manual control overhead
  • Oversee vendor risk management, penetration testing governance, and access control oversight frameworks
  • Partner closely with Legal and Compliance teams to interpret regulatory requirements and operationalise controls
  • Develop dashboards and metrics using engineering approaches to track compliance posture in real time
  • Support regulatory readiness initiatives to enable entry into new markets
  • Ensure timely and structured responses to regulatory, audit, and due diligence requests


What You’ll Bring…

  • 8-12 years’ experience in cybersecurity risk, compliance, or governance within a highly regulated environment
  • Demonstrated experience leading and scaling GRC or security risk teams
  • Strong familiarity with recognised security frameworks (e.g. NIST-CSF, CIS, ISO 27001, FedRAMP or comparable)
  • Practical experience conducting control assessments and enterprise risk analysis
  • Familiarity with Linux environments and command-line tooling
  • Comfort operating in deeply technical environments, with the ability to engage credibly with infrastructure and engineering teams
  • Experience building metrics, dashboards, or data-driven reporting solutions
  • Programming or scripting exposure (Python, Go or similar) to support governance automation initiatives
  • Experience collaborating cross-functionally across security, engineering, compliance, and legal teams
  • Strong written and verbal communication skills suited for senior stakeholder engagement
  • (Preferred) Experience within financial services or capital markets
  • (Preferred) Professional certifications such as CISSP, CISM, or equivalent


...
