Security Governance, Risk, and Compliance Engineer

Wehrtyou · New York, NY
Full-time · On-site · 3w ago
Application Security · Compliance · Data Analysis · Information Security · Linux · Penetration Testing

Responsibilities

  • Utilize a combination of off-the-shelf GRC tools, APIs, and custom-written code to gather metrics and evidence across various open source, custom-built, and proprietary platforms
  • Automate the tracking, visualization, and reporting of KPIs and KRIs for HRT's InfoSec, Risk, and Compliance departments
  • Partner with a large team of software developers and systems engineers to conduct threat modeling and security architecture reviews for internally developed applications
  • Translate compliance requirements into concrete technical implementation guidance, and review infrastructure-as-code and cloud configuration against compliance baselines
  • Perform internal and external security control assessments using industry-standard frameworks such as NIST and CIS, map controls, and maintain a unified control library
  • Own and maintain the security risk register, ensuring risks are clearly documented, technically accurate, appropriately scored, and tied to accountable owners
  • Create and maintain security and compliance policies, standards, and guidelines
  • Support the automation and governance of HRT's critical security controls, encompassing:
      • Vulnerability management
      • Vendor risk management
      • Penetration testing
      • Access management
  • Ensure timely and accurate responses to requests for company data in collaboration with Compliance and Legal

Requirements

  • 5+ years of experience in security GRC or engineering, with experience at a company in a heavily regulated industry
  • Familiarity with standards-based security frameworks such as CIS, NIST-CSF, or ISO
  • Experience building strong cross-functional relationships and working across multiple teams, both technical and non-technical
  • Prior hands-on experience in systems engineering, security engineering, cloud infrastructure, DevOps, SRE, or application security strongly preferred
  • Understanding of secure SDLC controls, including code review, SAST, DAST, dependency scanning, secrets detection, and threat modeling
  • Experience with Linux and comfort on the command line
  • Software development and/or scripting experience, preferably in Python
  • Data analysis skills leveraging SQL, Elastic, OSQuery, and Prometheus preferred
  • CISSP, CISM, or a similar certification is a plus

Culture

Hudson River Trading (HRT) brings a scientific approach to trading financial products. We have built one of the world's most sophisticated computing environments for research and development. Our researchers are at the forefront of innovation in the world of algorithmic trading.

Please be advised: Use of AI tools during interviews or assessments is strictly prohibited, unless otherwise instructed or agreed upon. We employ various methods to evaluate the authenticity of candidate responses. If we determine that AI assistance was used during any stage of the

Benefits

Performance bonus

Additional Information

Hudson River Trading (HRT) is seeking a Security Governance, Risk, and Compliance Engineer to join our growing Information Security team. This function combines technical security, automation, and GRC expertise to strengthen HRT's security, risk, and compliance programs. In this role, you will automate evidence collection and reporting, assess controls against industry-standard frameworks, partner with engineers on threat modeling and architecture reviews, and support governance across vulnerability management, vendor risk, penetration testing, and access management. You will report to the Head of Information Security and liaise with HRT's Compliance, Legal, Engineering, and Development teams to research, build, and maintain security solutions for a diverse set of industry regulations and requirements.

