Security Governance & Risk Engineer

United States, New York
Permanent
Job ID: 2437

Job Description


[Up to c. $400k Comp Package | Hybrid Working]


Role Overview

We’re partnering with a globally recognised quantitative trading firm seeking a Security Governance & Risk Engineer to strengthen its information security, risk, and compliance capability in New York. This role has now been scoped as an individual contributor position rather than a team leadership role.

This is not a traditional policy-only GRC role. The firm wants someone who can combine technical security knowledge, automation, and governance expertise to improve how controls are assessed, evidenced, measured, and reported. You’ll work across control assessments, threat modelling, architecture reviews, policy development, evidence collection, and governance support for areas such as vulnerability management, vendor risk, penetration testing, and access management...


Key Responsibilities

  • Perform security control assessments across technical environments using recognised frameworks and internal standards
  • Support evidence collection, control testing, and reporting processes for audit, regulatory, and governance requirements
  • Build automation to reduce manual effort across GRC workflows, evidence gathering, reporting, and control validation
  • Contribute to threat modelling and architecture review activities, helping identify risks early in system design and delivery
  • Develop and refine security policies, standards, procedures, and control documentation
  • Partner with engineering, security, legal, and compliance teams to translate regulatory expectations into practical controls
  • Support governance oversight across vulnerability management, vendor risk, access management, and penetration testing programmes
  • Create dashboards, metrics, and reporting outputs that give clearer visibility into security and compliance posture
  • Help improve how security risk is measured, tracked, escalated, and remediated across the organisation
  • Respond to audit, regulatory, due diligence, and internal information requests in a structured and timely manner
  • Identify opportunities to make governance processes more scalable, automated, and engineering-led


What You’ll Bring…

  • 6-14 years’ experience across cybersecurity risk, GRC, security engineering, control assurance, or related security governance roles
  • Strong understanding of security frameworks such as NIST-CSF, CIS, ISO 27001, FedRAMP or comparable standards
  • Practical experience with control assessments, evidence collection, risk analysis, and security reporting
  • Exposure to vendor risk, penetration testing governance, vulnerability management, or access control oversight
  • Technical fluency across infrastructure, systems, cloud, or application environments, with the ability to engage credibly with engineering teams
  • Experience contributing to threat modelling, architecture reviews, or technical risk assessments
  • Scripting or programming exposure, ideally with Python, Go, or similar, to support automation and reporting improvements
  • Familiarity with Linux environments and comfort working with command-line tools
  • Experience developing metrics, dashboards, or data-driven reporting for security, risk, or compliance programmes
  • Strong written communication skills, particularly around policy, control documentation, risk narratives, and executive reporting
  • Ability to operate independently as a senior individual contributor in a highly technical environment
  • (Preferred) Experience within financial services, capital markets, trading, or another highly regulated technical environment
  • (Preferred) Professional certifications such as CISSP, CISM, CRISC or equivalent


...

