Senior GRC Security Engineer; SSP & Compliance Lead

Duration:
Contract | March 2026 – August 2026 | Potential Extension

Estimated

Hours:

Up to 1,000 hours

Work Authorization: U.S.

-based candidates only

We are seeking a Senior Governance, Risk, and Compliance (GRC) Security Engineer to lead enterprise security governance and compliance initiatives across complex, multi-platform environments.

This role combines hands-on SSP ownership, audit readiness, vulnerability governance, and risk management
, ensuring secure delivery of public-facing services while maintaining alignment with federal and state security frameworks.

The ideal candidate brings deep experience in System Security & Privacy Plans (SSP), POA&M management, NIST-based controls, and cloud/hybrid security
, along with strong stakeholder coordination and executive-level communication skills.

Security Governance & Compliance

• Lead end-to-end development, maintenance, and updates of System Security & Privacy Plans (SSP/SSPP) for enterprise systems
• Produce assessor-ready documentation
  , including control implementations, configurations, monitoring evidence, approvals, and incident traceability
• Maintain continuous audit readiness and drive initiatives to reduce repeat findings

Risk & Vulnerability Management

• Manage POA&M lifecycle
  , ensuring timely remediation and closure of compliance gaps
• Translate penetration testing and vulnerability findings into actionable remediation items (EPICs, user stories, or work packages)
• Coordinate validation and re-testing with application, infrastructure, and security teams
• Implement risk-based prioritization with SLA-driven remediation tracking

Security Oversight

• Provide governance for endpoint protection, web application security, and cloud security controls
• Support Secure SDLC and Dev Sec Ops practices to improve security maturity
• Drive improvements in compliance processes and operational security effectiveness

Stakeholder Engagement

• Collaborate across security, infrastructure, and application teams in multi-vendor environments
• Communicate risks, status, and remediation plans to technical and executive stakeholders

• 12+ years of experience in:
• Governance, Risk, and Compliance (GRC)
• Enterprise Security Architecture
• Vulnerability Management and Penetration Testing
• Cloud and hybrid environments
• 10+ years owning SSP development end-to-end
• 10+ years working with CMS MARS-E v2.2 or comparable federal/state security frameworks
• Strong expertise in:
• Audit evidence collection and validation
• POA&M creation, tracking, and remediation management
• 8+ years experience:
• Translating technical security issues into compliance-aligned actions
• Working with cross-functional technical teams
• Executive-level written and verbal communication
• NIST 800-53, NIST RMF, and privacy controls
• Secure SDLC / Dev Sec Ops  practices

• Experience in multi-vendor, multi-platform enterprise environments
• Demonstrated success in reducing repeat audit findings and improving compliance maturity
• Experience mentoring or guiding teams on GRC best practices
• Prior experience supporting health and human services or public sector systems

• Hybrid role – Austin, TX (onsite and remote)
• Standard business hours:
  Monday–Friday, 8:00 AM – 5:00 PM CST
• Travel expenses (if any) are the responsibility of the candidate/vendor unless pre-approved