Senior Information Security Engineer (GRC)

The Role

We are seeking a skilled Governance, Risk, and Compliance (GRC) Senior Information Security Engineer to join our Governance team in the Cybersecurity department. The Senior Information Security Engineer (GRC) is responsible for integrating and managing governance, risk, and compliance activities to support the organization’s cybersecurity strategy. This role involves designing and implementing policies, standards, procedures to ensure regulatory compliance, mitigate risks, and uphold best practices in cybersecurity and information security. As a senior member of the cybersecurity team, the GRC Engineer will collaborate with both technical and business units to build a resilient security posture while managing risks and ensuring compliance. 

How You'll Help Take Us There

 Cybersecurity Governance: 

• Develop, implement, and maintain cybersecurity governance frameworks, ensuring alignment with business objectives. 
• Design and update policies, standards, and procedures to meet industry regulations (e.g., SOX, GDPR, ISO 27001, NIST, SOC 2, PCI-DSS, DORA, etc.). 
• Collaborate with cybersecurity leadership to ensure all practices meet internal and external compliance standards. 

Cyber Risk Management: 

• Identify, assess, and manage cybersecurity risks, working with teams to implement mitigation controls and strategies. 
• Conduct risk assessments across IT infrastructure, applications, and third-party vendors. 
• Provide technical expertise to help prioritize and remediate identified risks based on threat intelligence and business impact. 

Compliance Monitoring: 

• Ensure the organization’s cybersecurity program meets regulatory and contractual compliance requirements. 
• Oversee audits and assessments, coordinating responses to audit findings, and developing remediation plans. 
• Track compliance against security frameworks and manage the GRC toolset to monitor ongoing adherence. 

Security Incident Response: 

• Lead and manage the GRC aspects of cybersecurity incidents, ensuring accurate documentation, reporting, and follow-up actions. 
• Work closely with incident response teams to investigate, document, and resolve compliance-related security incidents. 
• Create incident response protocols that align with governance and compliance frameworks. 

Cybersecurity Strategy & Roadmap: 

• Contribute to the development and execution of the cybersecurity roadmap, aligning governance and risk management objectives with strategic goals. 
• Advise leadership on emerging cybersecurity risks, regulatory changes, and new compliance requirements. 
• Support the continuous improvement of the organization’s cybersecurity posture through GRC initiatives. 

Security Risk Assessments: 

• Conduct internal security assessments to identify gaps in compliance and areas for improvement. 
• Lead risk assessments and security evaluations of internal systems and third-party vendors. 
• Develop actionable reports and recommendations for improving the organization’s security and compliance frameworks. 

Training & Awareness: 

• Provide cybersecurity awareness training related to GRC topics across various departments. 
• Ensure all employees understand and adhere to the organization’s cybersecurity policies and compliance requirements. 
• Collaborate with HR and legal teams to implement ongoing security awareness and training programs. 

Client Security Due Diligence: 

• Support due diligence inquiries and efforts from existing clients and new prospects on the cyber posture of the firm and its services. 
• Engage with business, sales, product, and client due diligence teams to provide timely support to clients.  

Third-Party Risk Management (TPRM): 

• Support the third-party review process as part of the TPRM program, ensuring that third-party vendors and partners meet the organization’s security, compliance, and risk standards. 
• Collaborate with procurement, legal, and technology teams to develop and implement risk mitigation strategies for third-party risks. 

What We’re Looking for  

• 5+ years of experience in cybersecurity or GRC roles within a security-focused or highly regulated industry such as finance, healthcare, or technology.  
• Experience leading GRC projects and initiatives, including policy development, risk assessments, TPRM, and audits.  
• Strong experience with regulatory standards and frameworks such as GDPR, ISO 27001, SOC 2, NIST CSF, PCI-DSS, and SOX. 
• Proven ability to manage risk assessments, internal audits, and regulatory compliance within a cybersecurity context. 
• In-depth understanding of cybersecurity risk management frameworks (e.g., NIST RMF, ISO 31000). 
• Familiarity with GRC platforms (e.g., RSA Archer, ServiceNow GRC) and security tools (e.g., SIEM, vulnerability management). 
• Proficiency in analyzing security threats, vulnerabilities, and compliance gaps, and providing technical risk mitigation recommendations. 
• Strong communication skills with the ability to explain complex cybersecurity and risk management issues to technical and non-technical stakeholders. 
• Strong analytical and problem-solving capabilities with attention to detail. 
• Ability to work with cross-functional teams and manage multiple projects in a fast-paced environment. 
• Familiarity with cloud security and emerging technologies impacting governance and compliance. 
• Preferred bachelor's in information security, Information Technology, Business Administration, or a related field. A master's degree is a plus.  
• Relevant cybersecurity certifications such as CISSP, CRISC, CGEIT, CISA, or equivalent. 

What You Can Expect from Us

• Hybrid Environment: Our employees enjoy a mix of working in the office and from home
• Free Food: We provide free lunch for employees when they are working in the office. Plus, our offices are stocked with snacks
• Paid Time Off: Competitive PTO package including vacation and personal days, sick leave and charity days
• Generous Parental Leave: Up to 20 weeks fully paid leave
• 401(k): Dollar-for-dollar employer match up to $17,500
• Employee Stock Purchase Plan: Employees can purchase MarketAxess common stock at a discount
• Wellness Stipend: We provide employees with up to $1K annually towards gym memberships, home office equipment and more
• Onsite Healthcare: We offer convenient access to world-class care through Mount Sinai at our Hudson Yards location
• Tuition Assistance and Professional Development: Benefit from live and on-demand learning, role-specific training, employee-led Lunch and Learns and guest speakers
• Core benefits: Highly competitive medical, dental, and vision programs

For job positions in NYC, NY, and other locations where required, the estimated salary range for a new hire into this position is $150,000 USD to $200,000 USD. Actual salary may vary depending on job-related factors, which may include knowledge, skills, experience, and location. You may also be eligible for annual cash incentives, equity, and other benefit programs.

MarketAxess Corporation and its affiliates provide equal employment opportunities to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, veteran status, or any other legally protected characteristic in the location in which the candidate is applying.

All of your information will be kept confidential according to EEO guidelines.