
Security Governance, Risk, And Compliance Engineer

Overview
Job Description
Hudson River Trading (HRT) is seeking a Security Governance, Risk, and Compliance Engineer to join our growing Information Security team. This function combines technical security, automation, and GRC expertise to strengthen HRT's security, risk, and compliance programs. In this role, you will automate evidence collection and reporting, assess controls against industry-standard frameworks, partner with engineers on threat modeling and architecture reviews, and support governance across vulnerability management, vendor risk, penetration testing, and access management.
You will report to the Head of Information Security and liaise with HRT's Compliance, Legal, Engineering, and Development teams to research, build, and maintain security solutions for a diverse set of industry regulations and requirements.
Responsibilities
- Utilize a combination of off-the-shelf GRC tools, APIs, and custom-written code to gather metrics and evidence across various open source, custom-built, and proprietary platforms
- Automate the tracking, visualization, and reporting of KPIs and KRIs for HRT's InfoSec, Risk, and Compliance departments
- Partner with a large team of software developers and systems engineers to conduct threat modeling and security architecture reviews for internally developed applications
- Translate compliance requirements into concrete technical implementation guidance, and review infrastructure-as-code and cloud configuration against compliance baselines
- Perform internal and external security control assessments using industry-standard frameworks such as NIST and CIS, map controls, and maintain a unified control library
- Own and maintain the security risk register, ensuring risks are clearly documented, technically accurate, appropriately scored, and tied to accountable owners
- Create and maintain security and compliance policies, standards, and guidelines
- Support the automation and governance of HRT's critical security controls, encompassing:
  - Vulnerability management
  - Vendor risk management
  - Penetration testing
  - Access management
- Ensure timely and accurate responses to requests for company data in collaboration with Compliance and Legal
Qualifications
- 5+ years of experience in security GRC or engineering, with experience at a company in a heavily regulated industry
- Familiarity with standards-based security frameworks such as CIS, NIST-CSF, or ISO
- Experience building strong cross-functional relationships and working across multiple teams, both technical and non-technical
- Prior hands-on experience in systems engineering, security engineering, cloud infrastructure, DevOps, SRE, or application security strongly preferred
- Understanding of secure SDLC controls, including code review, SAST, DAST, dependency scanning, secrets detection, and threat modeling
- Experience with Linux and comfort on the command line
- Software development and/or scripting experience, preferably in Python
- Data analysis skills leveraging SQL, Elastic, OSQuery, and Prometheus preferred
- CISSP, CISM, or a similar certification is a plus
The estimated base salary range for this position is 200,000 to 250,000 USD per year (or local equivalent). The base pay offered may vary depending on multiple individualized factors, including location, job-related knowledge, skills, and experience. This role will also be eligible for discretionary performance-based bonuses and a competitive benefits package.
Culture
Hudson River Trading (HRT) brings a scientific approach to trading financial products. We have built one of the world's most sophisticated computing environments for research and development. Our researchers are at the forefront of innovation in the world of algorithmic trading.
At HRT we welcome a variety of expertise: mathematics and computer science, physics and engineering, media and tech. We're a community of self-starters who are motivated by the excitement of being at the cutting edge of automation in every part of our organization - from trading, to business operations, to recruiting and beyond. We value openness and transparency, and celebrate great ideas from HRT veterans and new hires alike. At HRT we're friends and colleagues - whether we are sharing a meal, playing the latest board game, or writing elegant code. We embrace a culture of togetherness that extends far beyond the walls of our office.
Feel like you belong at HRT? Our goal is to find the best people and bring them together to do great work in a place where everyone is valued. HRT is proud of our diverse staff; we have offices all over the globe and benefit from our varied and unique perspectives. HRT is an equal opportunity employer; so whoever you are we'd love to get to know you.
Please be advised: Use of AI tools during interviews or assessments is strictly prohibited, unless otherwise instructed or agreed upon. We employ various methods to evaluate the authenticity of candidate responses. If we determine that AI assistance was used during any stage of the hiring process, we reserve the right to immediately disqualify your candidacy or rescind any job offers extended.
