Security Governance and Compliance Engineer

Air InfoSec, Austin, TX (Hybrid)

About The Position

The Security Governance and Compliance Engineer leads enterprise security governance, compliance, and risk management initiatives with a strong emphasis on System Security & Privacy Plans (SSP/SSPP). This role bridges technical security operations and regulatory compliance to ensure audit readiness, effective vulnerability remediation, and secure delivery of public-facing services across complex, multi-platform environments. The position is responsible for end-to-end SSP ownership, POA&M management, vulnerability governance, and documentation aligned to federal and state security frameworks. The engineer collaborates with application, infrastructure, and security teams to validate remediation efforts and reduce repeat audit findings through disciplined governance practices.

Requirements

  • 12 years of experience in Governance, Risk, and Compliance (GRC), enterprise security, security architecture, vulnerability management, penetration testing, and cloud or hybrid security environments
  • 10 years of experience owning SSP development end-to-end
  • 10 years of hands-on experience with CMS MARS-E v2.2 or comparable federal/state security frameworks
  • 10 years of experience in control implementation documentation, audit evidence collection and validation, and POA&M creation and remediation management
  • 8 years of experience translating technical security issues into compliance-aligned remediation actions
  • 8 years of stakeholder management experience across security, infrastructure, and application teams
  • 8 years of experience with NIST 800-53, NIST RMF, and privacy controls
  • 8 years of experience with Secure SDLC and DevSecOps practices
  • Excellent written and verbal communication skills, including executive-level communication

Nice To Haves

  • 5 years of experience operating in multi-vendor, multi-platform environments
  • Demonstrated ability to reduce repeat audit findings and improve compliance maturity
  • Experience mentoring or guiding teams on security governance best practices
  • Experience supporting HHSC systems, including SSP development and compliance

Responsibilities

  • Lead end-to-end development, maintenance, and updates of System Security & Privacy Plans (SSP/SSPP) for enterprise systems
  • Manage POA&M processes, driving timely remediation and closure of compliance gaps
  • Translate penetration testing and vulnerability findings into actionable EPICs and user stories
  • Coordinate remediation validation activities, including re-testing and evidence collection
  • Oversee risk-based vulnerability management and SLA-driven remediation tracking
  • Provide governance oversight for endpoint protection, web application security, and cloud security controls
  • Produce assessor-ready documentation, including configurations, monitoring artifacts, approvals, and incident traceability
  • Support continuous audit readiness efforts and implement practices to reduce repeat findings
  • Align security controls and documentation with CMS MARS-E v2.2, NIST 800-53, NIST RMF, and privacy control requirements
  • Collaborate with cross-functional stakeholders to ensure secure SDLC and DevSecOps practices are integrated into compliance processes

Benefits

  • Air InfoSec offers an Individual Coverage Health Reimbursement Arrangement (ICHRA), providing up to $350/month in tax-free reimbursements to help cover the cost of your own health insurance premium. This gives you the flexibility to choose the plan that works best for you and your family.
  • 1 hour of PTO earned for every 20 hours worked.
  • Can carryover up to 5 days of PTO to the next calendar year.
  • 5 paid state holidays (annually)
  • 2 paid floating holidays (annually)
  • $100 per year to apply towards annual certification fees or educational training.