Principal Security Engineer - Director of Security Governance and Risk Management

As a Principal Security Engineer within the Cybersecurity and Technology Controls organization, you will provide expertise and engineering excellence as an integral part of an agile team. Your role will involve enhancing and developing cybersecurity software solutions that meet pre-defined functional and user requirements, with a focus on preventing misuse, circumvention, and malicious behavior. You will utilize your advanced technical capabilities and collaborate with colleagues across the organization to drive best-in-class outcomes.

Key Responsibilities:

• Design, develop, integrate, and maintain custom, data-driven security posture and security solutions within the enterprise environment.
• Partner with product stakeholders, security architects, and technology risk teams to effectively identify risk and influence the prioritization of the remediation efforts.
• Drive the implementation of robust security controls on core compute infrastructure, including virtualization platforms (hypervisors), servers, infrastructure provisioning (IaC), and hardware supply chain, to prevent unauthorized access and protect against data breaches.
• Oversee the inventory of systems and security controls for OS hardening, including Anti-Virus & EDR compliance, configuration management, patch management, and continuous monitoring.
• Develop and maintain thorough documentation of security assessments, mitigation strategies, and security controls.
• Develop and maintain Control Procedures as new control requirements arise.
• Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of cybersecurity controls. Provide regular reports to senior leadership, highlighting trends, risks, and areas for improvement.
• Participate in post-incident reviews to determine root causes and provide recommendations to prevent future incidents.
• Utilize data analytics to inform strategic decisions and enhance the organization's security posture. Leverage insights from data to drive continuous improvement in cybersecurity practices.
• Oversee the team's cybersecurity portfolio, ensuring effective management of key security initiatives and projects. Drive initiatives to comply with relevant cybersecurity standards defined in the firm. Stay abreast of the threat landscape and ensure timely updates to policies and procedures.
• Foster strong partnerships with product leaders, security architects, and technology risk teams to ensure alignment of security measures with business objectives.

• Formal training or certification on software engineering concepts and 10+ years applied experience
• Experience developing security engineering solutions for infrastructure platforms.
• Experience with advanced security controls and cybersecurity practices.
• Proven leadership experience in a senior cybersecurity role, with a track record of driving strategic initiatives.
• Deep understanding of cybersecurity standards and frameworks (e.g., NIST, ISO 27001, MITRE).
• Exceptional analytical, problem-solving, and decision-making skills, with a data-driven approach.
• Excellent communication and interpersonal skills, with the ability to influence and engage senior business leaders.
• Strong project and portfolio management skills, with experience in managing large-scale, complex projects.
• Ability to drive innovation and foster a culture of continuous improvement within the cybersecurity team.
• Experience with threat modeling.

• Familiarity with emerging technologies and trends in cybersecurity.
• Cybersecurity certifications such as Certified Information Systems Security Professional (CISSP) or OSCP are advantageous but not mandatory.