Posted 14 hours ago

Job ID: JOB_ID_2050

Role Overview

The Senior GRC Security Engineer is a high-level strategic and technical position dedicated to the Governance, Risk, and Compliance (GRC) landscape for state-level enterprise systems. Based in Austin, Texas, this hybrid role requires a professional who can seamlessly bridge the gap between technical security vulnerabilities and complex regulatory compliance mandates. You will be the primary lead for the end-to-end development, implementation, and lifecycle management of System Security & Privacy Plans (SSP/SSPP), ensuring that all enterprise-scale systems adhere to the most stringent security and privacy standards required by state and federal law.

Key Responsibilities

  • Lead the comprehensive development, regular updates, and full lifecycle management of System Security & Privacy Plans (SSP/SSPP) for critical enterprise systems.
  • Drive all remediation activities through disciplined Plan of Action and Milestones (POA&M) management, ensuring that compliance gaps are identified, tracked, and closed within strict timelines.
  • Translate technical penetration testing results and vulnerability scan findings into actionable remediation work items, including the creation of EPICs and user stories for Agile development cycles.
  • Coordinate extensively with application developers, infrastructure engineers, and security operations teams to validate remediation efforts through rigorous re-testing and the collection of verifiable evidence.
  • Oversee risk-based vulnerability management programs, including the prioritization of findings based on business impact and ensuring adherence to SLA-driven remediation schedules.
  • Provide high-level governance oversight for essential security controls, including endpoint protection, web application firewalls, and cloud-native security configurations.
  • Produce assessor-ready documentation that includes configuration baselines, continuous monitoring artifacts, formal approvals, and detailed incident traceability.
  • Support continuous audit readiness initiatives to minimize the risk of repeat findings through the implementation of disciplined governance and documentation practices.
  • Ensure all security documentation and controls are perfectly aligned with federal and state regulatory frameworks, specifically CMS MARS-E v2.2 and NIST 800-53.

Required Qualifications and Experience

  • A minimum of 12 years of deep professional expertise in Governance, Risk, and Compliance (GRC), Enterprise Security Architecture, and Vulnerability Management.
  • At least 10 years of proven experience specifically owning the SSP development process from inception to final approval.
  • 10+ years of hands-on experience working with CMS MARS-E v2.2 or comparable federal/state security frameworks.
  • 10+ years of expertise in control implementation documentation, audit evidence validation, and POA&M tracking.
  • 8+ years of experience in translating technical security findings into compliance-aligned remediation actions for technical teams.
  • Exceptional stakeholder management skills with the ability to influence and communicate effectively across security, infrastructure, and application development teams.
  • Superior written and verbal communication skills, with a proven track record of presenting complex security concepts to executive-level audiences.
  • Comprehensive knowledge of NIST 800-53, NIST RMF, and privacy control frameworks.
  • Familiarity with Secure SDLC and DevSecOps practices within hybrid cloud and on-premise environments.

Preferred Skills

  • Experience operating within multi-vendor and multi-platform enterprise environments.
  • Demonstrated ability to significantly improve compliance maturity and reduce the frequency of repeat audit findings.
  • Experience mentoring and leading junior security engineers on governance best practices.
  • Specific experience supporting HHSC systems, including SSP development and compliance audits.

Special Requirements

This position is strictly for local candidates in the Austin, Texas area. Candidates must have prior experience working with State clients. An in-person interview is a mandatory part of the selection process. The role operates on a hybrid schedule, requiring regular on-site presence in Austin.

Compensation & Location

Salary: $155,000 – $205,000 per year (Estimated)

Location: Austin, TX


Recruiter / Company – Contact Information

Recruiter / Employer: Sign-In Solutions Inc.

Email: md.faisal@signinsol.com
