Senior Security Engineer - Infrastructure Security

Join K Health as a Senior Security Engineer specializing in Compliance and Risk. In this pivotal role, you will be responsible for ensuring that our security measures meet regulatory compliance standards while effectively managing risk. You will collaborate with cross-functional teams to implement security protocols that protect our data and systems.

Join Hudson River Trading (HRT), a pioneering firm in the trading space, as the Lead for Security Governance, Risk, and Compliance within our expanding Information Security team. This pivotal role will spearhead the security governance initiatives for HRT entities across America, Europe, and Asia, driving the automation of security governance at scale.In this hands-on position, you will collaborate closely with HRT’s Compliance and Legal teams to research, develop, and uphold security solutions tailored to a diverse range of industry regulations and requirements. You’ll lead a skilled technical team tasked with strategically ensuring HRT’s compliance with global security standards, facilitating our growth into new markets with complex regulatory landscapes.

Role Overview:We are seeking a meticulous and analytical Risk and Compliance Analyst to join our dynamic team. This position is pivotal in assisting with risk analysis and the implementation of controls that align with regulatory standards and client control frameworks. The ideal candidate will possess exceptional critical thinking abilities, strong analytical skills, and the capacity to work autonomously.As part of our commitment to growth, you will play a key role in enhancing Elliptic's risk and compliance processes, tailoring our offerings to meet the needs of clients operating in complex regulatory environments. Your contributions will assist in the evolution of our existing frameworks and introduce innovative business practices critical to our strategic goals.You will collaborate within a small yet energetic team in a rapidly growing organization, requiring a mindset geared towards growth. We value commitment to your colleagues and the company, along with a proactive approach to identifying and overcoming challenges collaboratively. The environment is fast-paced yet rewarding!We encourage professional development and are looking for someone who can fulfill current needs while also having the potential for greater responsibilities in the future.Key Responsibilities:Supporting the Enterprise Risk Management Framework (ERMF):Enhance and mature existing enterprise-wide ERMF processes and procedures.Collaborate with stakeholders to conduct risk assessments and convey operational and tactical risks using risk management tools.Work alongside department heads to develop risk treatment controls and implement monitoring processes to evaluate control design and effectiveness.Analyze risk data and communicate findings regarding risk concentration and changes in risk scores to management through various forums and committees.Assist in creating risk policies and procedures.Design and deliver risk training and awareness programs for colleagues.Managing the Organizational Compliance Framework:Maintain a comprehensive understanding of relevant regulatory requirements...

The MLB Information Security team is seeking a dedicated Governance, Risk & Compliance (GRC) Analyst for a seasonal position. This role is essential in supporting our governance, risk management, and compliance initiatives. The selected Analyst will engage in various GRC activities, including assisting with audit preparations, conducting risk assessments, monitoring risk registers, and updating internal policies and procedures.Key ResponsibilitiesAssist in the implementation of MLB’s data privacy, governance, and risk management programs.Facilitate the execution of PCI-DSS and SOC 1 Type II audits by reviewing evidence, coordinating with internal stakeholders, and maintaining audit readiness dashboards.Perform thorough vendor security and compliance risk assessments while providing recommendations for contractual security provisions.Refine and maintain vendor risk review workflows, manage the vendor repository, and apply risk tiering based on data access and criticality using MLB’s TPRM tool.Track and manage risk acceptances and policy exceptions, ensuring proper documentation and regular reviews.Support the fulfillment of Data Subject Access Requests (DSAR), ensuring compliance with statutory timelines required by applicable privacy laws.Assist in drafting compliance policies, procedures, and playbooks related to cybersecurity, privacy, confidentiality, and data protection.Develop and maintain KPIs and dashboards to evaluate the success of GRC programs and initiatives.

Join eproinc, a leading consultancy known for its innovative solutions in Governance, Risk, and Compliance. We are seeking a highly motivated Senior GRC Consultant to strengthen our team in New York. In this role, you will leverage your expertise to assist organizations in navigating complex regulatory landscapes and enhancing their compliance frameworks.

Join a Transformative CompanyPalantir is at the forefront of software innovation, enabling organizations to harness data for impactful decisions and streamlined operations. Our cutting-edge platforms empower partners to create life-saving pharmaceuticals, anticipate supply chain challenges, search for missing persons, and much more.About the PositionIn the role of Compliance Engineer, you will play a crucial part in helping our engineering teams implement and uphold Palantir's Security Controls across our diverse product offerings. Collaborating closely with various departments, you will shape these controls and promote a proactive and agile approach to risk management throughout the organization. Your expertise will guide us in navigating and interpreting complex U.S. Government regulations (such as FedRAMP, CMMC, IL5, IL6), providing actionable recommendations on technical architecture, documentation, operational aspects, and sustainable processes to facilitate our rapid and efficient growth.

Join NBCUniversal Media as a key player in our Risk & Compliance team, where you will oversee strategic initiatives to ensure our operations meet the highest standards of compliance and risk management. Your leadership will drive the implementation of effective risk mitigation strategies across various business units, fostering a culture of compliance and integrity.

Join our dynamic team at blacksmith as a Governance, Risk, and Compliance (GRC) Manager. In this pivotal role, you will oversee our GRC strategies, ensuring compliance with regulations and managing risks effectively. Your expertise will drive the development of policies, procedures, and frameworks that align with our business objectives.We are looking for a proactive leader who can communicate effectively across departments and foster a culture of compliance and risk mitigation. You will play a crucial role in guiding our organization through the complexities of regulatory requirements and risk assessments.

At January, we are on a mission to revolutionize consumer finance from the ground up. By personalizing interactions and optimizing decision-making throughout all stages of consumer credit, we empower both consumers and creditors, ensuring that credit is fair, accessible, and tailored to individual needs.As a Lead Security Engineer, you will redefine security standards in an industry where trust has been significantly compromised. This is a unique opportunity to join us at a pivotal moment: we have established the hard-earned trust of leading financial institutions, and now you will create the security framework that extends this trust to millions of consumers.You will design and implement a dual trust architecture, safeguarding both consumer-facing experiences and robust enterprise systems. You will tackle technical challenges that are unparalleled in the industry, such as privacy-preserving data systems, compliance automation across multiple jurisdictions, and AI-driven decision-making processes. Your influence will shape our security strategy and culture from the ground up, demonstrating that security is not merely an overhead cost, but a competitive advantage that drives enterprise partnerships and market growth.Your ImpactTransform security into a competitive edge: Position January's security as a key differentiator that attracts banks and enterprises, unlocking Tier 1 partnerships and deals that competitors cannot secure.Promote security-by-design in product and application development: Collaborate with product and engineering teams to identify critical risks early in the process, focusing on application security across frontend, Flask services, and databases. Integrate security into the discovery and design phases, ensuring secure development patterns are embedded in workflows.Design systems for bank-grade data protection: Create and enforce data classification, encryption, and access control mechanisms that comply with regulatory standards, ensuring sensitive data remains within authorized boundaries.Foster a security-first engineering culture: Advocate for security-centric thinking within engineering teams without hindering progress. Lead incident responses decisively, ensuring that January emerges stronger from security events through thorough post-incident analyses.Streamline compliance with minimal overhead: Maintain SOC 2, PCI-DSS, and financial compliance using automated systems and build infrastructure that generates audit evidence seamlessly, eliminating compliance bottlenecks.

About Our TeamThe Corporate Security team at OpenAI is committed to the safety and security of our personnel and facilities. We prioritize the responsible advancement of artificial intelligence while protecting our technologies and intellectual properties on a global scale.About the OpportunityAs the Risk Program Manager, you will lead initiatives to identify and mitigate physical security risks that may impact OpenAI's staff, executives, and facilities worldwide. This vital role ensures a secure environment that facilitates the continuous development of our AI technologies.The ideal candidate possesses extensive knowledge in physical security, counterintelligence, and risk management tailored to a corporate setting. Your expertise goes beyond technical skills; you thrive in building relationships across various departments and with external federal law enforcement and intelligence agencies both domestically and internationally. Moreover, your ability to clearly and engagingly communicate complex security issues makes you proficient in engaging stakeholders at every level of the organization.This position is located in New York City, Seattle, or Washington DC. We operate on a hybrid work model of three days in the office weekly and provide relocation assistance for new hires.Key Responsibilities:Conduct continuous assessments to identify and evaluate potential physical security threats and counterintelligence issues related to OpenAI's personnel and facilities.Devise and execute risk mitigation strategies that integrate with existing crisis management and cybersecurity protocols.Maintain close collaboration with federal law enforcement and intelligence agencies in the US and internationally to ensure prompt communication of threat intelligence.Collaborate with the Crisis Management and Information Security teams to ensure a unified and thorough approach to organizational security.Support various Corporate Security programs, including executive protection and event security, ensuring alignment with risk management strategies.Prepare and present comprehensive security risk assessments and strategic mitigation plans to senior management.Assist in designing and delivering security training programs focused on physical security and counterintelligence awareness.

Role Overview Palantir Technologies is hiring an Information Security Engineer focused on Insider Risk in New York, NY. This role centers on protecting sensitive data from internal threats. The position calls for hands-on work designing and implementing security measures that help keep proprietary information safe. What You Will Do Develop and deploy controls to detect and prevent insider risks Work to secure Palantir’s data and internal systems against unauthorized access or misuse Support compliance with industry security standards Collaborate with teams to strengthen security practices around sensitive information About Palantir Palantir builds software that helps organizations manage and analyze data securely. The company values innovative solutions and a strong commitment to data protection.

Role Overview Sigma Computing is looking for a Governance, Risk & Compliance (GRC) Manager to lead the design and rollout of GRC programs. This role reports to the General Counsel and is based in New York City, NY or San Francisco, CA. What You Will Do Develop and execute GRC initiatives that support business growth and manage organizational risk. Work closely with teams across Legal, Engineering, Product, Sales, and Operations to build a GRC framework that protects company interests and supports strategic objectives. Strengthen governance structures and introduce scalable risk management processes. Ensure compliance with applicable regulatory standards while enabling the business to operate confidently and efficiently. Promote trust among internal and external stakeholders by maintaining high standards of governance and compliance. Location This position can be based in New York City, NY or San Francisco, CA.

rogo is hiring a Governance, Risk, and Compliance (GRC) Analyst to join the team in New York City. This role centers on identifying, evaluating, and managing compliance risks across the organization. The analyst will work with colleagues from multiple departments to help ensure that operations align with regulatory requirements and industry standards. Key responsibilities Assess compliance risks throughout the company Work with teams to implement risk management strategies Contribute to the development and refinement of internal policies Review existing processes and suggest improvements Take part in audits and ongoing assessments Provide insights that support decision-making and reinforce the compliance framework Location This position is based in New York City.

Why join usAt Brex, we are revolutionizing the way companies manage their spending through our AI-driven financial platform. By offering integrated corporate cards, banking solutions, and global payment options, we empower businesses—from startups to large enterprises—to gain control over their spending, reduce costs, and enhance operational efficiency. Notable companies like DoorDash, Flexport, and Compass trust Brex to streamline their financial operations.Joining Brex means you’ll have the opportunity to push boundaries, challenge conventional thinking, and collaborate with some of the brightest minds in the tech industry. We pride ourselves on fostering a diverse and inclusive workplace where your potential is only limited by your imagination. We equip you with the tools, resources, and support necessary for your professional growth.EngineeringOur engineering teams focus on creating scalable systems with intention and speed. We operate across Software, Data, Security, and IT, working autonomously but collaboratively to tackle complex technical challenges. Our culture values craftsmanship in engineering, empowering builders to evolve into leaders.What you’ll doAs a Senior GRC Lead at Brex, you will play a pivotal role in the maturation of our Governance, Risk, and Compliance function. Your expertise in compliance will seamlessly integrate with your technical skills to drive essential GRC processes that minimize risk, ensure regulatory compliance, and strengthen trust with our customers and partners. You will enhance our Trust program’s technical foundation by automating security controls, developing integrations between security tools and GRC platforms, and creating scalable compliance processes as we expand globally. Your work will span the intersection of security, engineering, and compliance, translating regulatory requirements into actionable technical solutions and building automation to reduce manual efforts.Utilizing your comprehensive knowledge of frameworks such as SOC 2, PCI DSS, ISO 27001, and AI governance frameworks, you will design controls for new compliance requirements and advance existing programs through automation and continuous monitoring. You will support Trust Assurance, Third Party Risk Management, and various Security Risk Management initiatives. Collaborating with our Engineering, Infrastructure, and Product teams, you will translate compliance frameworks into technical controls and develop automated systems to achieve world-class security as Brex grows.

About UsAt Rain, we are pioneering the future of payments on a global scale. Our dynamic team, composed of seasoned founders and innovators, is dedicated to making stablecoins accessible in the real world. We facilitate card transactions, cross-border payments, B2B purchases, remittances, and more, partnering with fintechs, neobanks, and institutions to create inclusive and efficient solutions. Join us in shaping a borderless financial future at a rapidly growing company backed by top investors in the fintech, crypto, and SaaS sectors.Our CultureWe embrace a flat organizational structure that empowers every team member to grow in alignment with their personal goals. Everyone, regardless of their role, is encouraged to share ideas and contribute to the company's roadmap and vision.Your RoleLead the compliance program for DORA, SOC 2, SOC 1, GDPR, and PCI, ensuring adherence to regulatory and audit standards.Oversee compliance audits and certifications from start to finish, including renewals and new certifications.Update and refine Rain’s policies to align with regulatory expectations consistently across all entities.Collaborate with engineering, security, legal, and operations teams to ensure operational compliance with our policies.Promote a proactive compliance culture by educating the team on obligations and integrating compliance into daily operations.Identify potential compliance gaps early and implement remediation strategies to ensure audit readiness.Support the team in enhancing compliance-related activities, including KYB, KYC, and AML processes, informed by operational data.QualificationsOpen to candidates based in the US and EU.3–7+ years of experience in compliance, GRC, or security assurance, preferably in fintech, payments, SaaS, or similar regulated sectors.Strong knowledge of SOC 2, SOC 1, GDPR, PCI, and other compliance frameworks.Excellent analytical and problem-solving skills.Strong communication skills and ability to work collaboratively.

Join EliseAI as a Governance, Risk, and Compliance AnalystAt EliseAI, we are on a mission to transform the housing and healthcare sectors. Our innovative use of AI technology simplifies vital processes, making essential services more accessible and efficient for all.With a focus on enhancing the experience for renters and patients alike, we provide streamlined solutions for apartment tours, lease signing, maintenance requests, appointment scheduling, and patient-provider communication.After successfully securing a $250 million Series E round led by Andreessen Horowitz, we are poised to accelerate our growth and impact.Position OverviewAs a Governance, Risk, and Compliance (GRC) Analyst, you will play a crucial role in reinforcing our security and compliance initiatives. Your expertise will ensure we maintain regulatory readiness, manage third-party risks, and align our policies with industry standards.You will collaborate with cross-functional teams, including Security Engineering and Legal, to operationalize compliance efforts, facilitate audits, and address due diligence requests from customers and vendors. This role is vital in meeting compliance deadlines and supporting our sales operations.Key ResponsibilitiesManage compliance programs related to frameworks such as SOC 1, SOC 2, PCI, HITRUST, and HIPAA.Facilitate audit activities, including gathering evidence, preparing documentation, and responding to auditor inquiries.Monitor compliance requirements and engage stakeholders on outstanding issues.Conduct vendor risk assessments and oversee third-party due diligence processes.Support the development and implementation of policies and procedures to ensure compliance with regulatory standards.

Flex is hiring a Senior Fullstack Software Engineer to join the Risk Engineering team. This position can be based in New York, San Francisco, or remote within the U.S. Role overview This role centers on designing, building, and maintaining applications that support Flex’s risk management efforts. The Senior Fullstack Software Engineer will collaborate closely with teammates to deliver solutions that improve how risk is assessed and managed across the company. What you will do Develop and maintain both frontend and backend components for risk-related applications Work with team members to design features and solve technical challenges Contribute to projects from initial planning through deployment Requirements Experience in both frontend and backend software development Ability to drive projects through the full development lifecycle Interest in building solutions that support risk management

Role Overview The NFL is seeking a Senior Manager, Information Security Internal Audit & Risk Advisory, based in New York. This position sits within the Internal Audit Department and focuses on leading and supporting audits related to the League’s Information Technology operations. The work spans compliance reviews for member clubs, stadiums, and League contractors. A strong audit background is essential to protect the confidentiality, integrity, and availability of the NFL’s information systems, including network and cloud architecture, infrastructure and endpoint security, vulnerability management, and general IT controls (ITGC). This is a highly visible role that involves managing several projects at once across different environments. The Senior Manager will interact directly with senior leadership, prepare trend reports for executives, and oversee external resources. The position requires sound judgment and discretion, especially when handling sensitive matters. The Senior Manager reports to the Senior Director, Internal Audit & Risk Advisory Services, who leads all information security audit activities. Key Responsibilities Work with the Senior Director to develop and schedule annual audit plans. Plan, manage, and execute all steps of work programs for audits and reviews involving League departments, member clubs, stadiums, and contractors. Supervise multiple external staff during audits and reviews. Provide regular updates on the status of audit engagements. Discuss audit findings with management at the League, clubs, and stadiums. Draft reports for review and sign-off by the Senior Director. Support the preparation and delivery of presentations to League, club, and stadium management. Perform follow-up work to assess the effectiveness of corrective actions taken in response to previous audit observations. Track quality, efficiency, and performance metrics, reporting updates to the Senior Director. Help manage department-wide objectives in collaboration with other Audit team members. Assist in shaping and implementing initiatives aimed at strengthening Internal Audit’s core mission, capabilities, and long-term value to the League.

Anaplan, Inc. is hiring a Director of Security Trust & Risk based in New York City. This leadership role focuses on safeguarding company data, ensuring confidentiality, and maintaining the integrity of information systems. The director will guide the development and execution of security strategies that align with recognized industry standards. What you will do Create and roll out security policies and procedures throughout the organization Monitor and enforce compliance with industry standards and regulatory requirements Encourage security awareness and share best practices with employees Role focus This position oversees the company’s approach to risk management and information protection. The director plays a key part in shaping a culture of security and trust across all levels of the organization.