Senior Security Governance & Risk Engineer
Listed on 2026-03-01
IT/Tech
Cybersecurity, Information Security, Data Security, Systems Engineer
Senior Security Governance & Risk Engineer – Hybrid Austin, Texas
We are seeking a seasoned Security Engineer to lead enterprise security governance, risk, and compliance initiatives across complex, multi-platform environments. This role serves as a bridge between technical security operations and regulatory compliance, ensuring systems remain secure, audit-ready, and aligned with industry and regulatory standards.
The ideal candidate will have deep expertise in system security documentation, risk-based vulnerability management, and end-to-end remediation oversight. This individual will play a critical role in strengthening governance maturity and reducing repeat audit findings while supporting secure delivery of externally facing digital services.
Key Responsibilities
- Lead end-to-end development, maintenance, and continuous improvement of System Security and Privacy documentation for enterprise platforms
- Drive structured remediation efforts through formal tracking mechanisms, ensuring timely resolution of identified compliance gaps
- Convert penetration testing results and vulnerability findings into clearly defined remediation work items for engineering teams
- Partner with application, infrastructure, and security teams to validate remediation through structured re-testing and documented evidence
- Oversee risk-based vulnerability management processes, including prioritization and SLA-driven remediation tracking
- Provide governance oversight for endpoint security, web application protection, and cloud security controls
- Produce assessor-ready documentation, including system configurations, monitoring artifacts, approvals, and incident traceability records
- Maintain continuous audit readiness through disciplined governance processes and documentation standards
- Identify process improvement opportunities to strengthen compliance posture and minimize recurring findings
- 12+ years of experience in Governance, Risk, and Compliance (GRC), enterprise security architecture, vulnerability management, and hybrid/cloud security environments
- 10+ years of experience owning system security documentation development end-to-end
- 10+ years of experience working within structured regulatory or industry-aligned security frameworks
- 10+ years of experience in control implementation documentation, audit evidence collection and validation, and formal remediation tracking
- 8+ years translating complex technical security issues into compliance-aligned remediation actions
- 8+ years collaborating with cross-functional teams across security, infrastructure, and application domains
- Strong written and verbal communication skills, including executive-level reporting
- Deep knowledge of industry-standard security control frameworks, risk management methodologies, and privacy safeguards
- Experience supporting secure software development lifecycle (SDLC) and DevSecOps practices
- Experience operating in multi-vendor, multi-platform enterprise environments
- Demonstrated success improving compliance maturity and reducing repeat audit findings
- Experience mentoring teams on governance and security best practices
- Background supporting large-scale public sector or highly regulated environments