Sr. GRC Security Engineer – SSP Lead

Overview

Neos is seeking a Sr. GRC Security Engineer – SSP Lead for a contract role with our client in Austin, TX.

HYBRID (TEXAS) - ONLY CANDIDATES CURRENTLY RESIDING IN THE AUSTIN, TX AREA (Within 50-mile radius) WILL BE CONSIDERED.

Position will be 3 days remote with 2 days onsite (Mon & Thu) at 4601 W. 51st, Austin, TX 78751. Interviews will be conducted in-person. No calls or emails; respond directly to the “apply” link with your resume and contact details.

• Lead end-to-end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems
• Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps
• Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories)
• Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and evidence
• Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation
• Provide governance oversight for endpoint protection, web application security, and cloud security controls
• Produce assessor-ready documentation, including configurations, monitoring evidence, approvals, and incident traceability
• Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices

• 12 years required — deep focus on Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing, Cloud Security and hybrid environments
• 10 years required — proven experience owning SSP development end to end
• 10 years required — hands-on experience with CMS MARS E v2.2 or comparable federal/state security frameworks
• 10 years required — strong expertise in: control implementation documentation, audit evidence collection and validation, POA&M creation, tracking, and remediation management
• 8 years required — ability to translate technical security issues into compliance-aligned remediation actions
• 8 years required — strong stakeholder management skills across security, infrastructure, and application teams
• 8 years required — excellent written and verbal communication skills, particularly for executive stakeholders
• 8 years required — knowledge of NIST 800-53, NIST RMF, and privacy controls
• 8 years required — knowledge of Secure SDLC and Dev Sec Ops  practices
• 5 years preferred — experience operating in multi-vendor, multi-platform environments
• 5 years preferred — demonstrated ability to reduce repeat audit findings and improve compliance maturity
• 5 years preferred — experience mentoring or guiding teams on security governance best practices
• 1 year preferred — experience supporting HHSC systems, including SSP development and compliance

#DICE