Senior Security Engineer II

This job is with LexisNexis Legal & Professional®, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ business community. Please do not contact the recruiter directly.

Responsibilities

Audit & Compliance Program Ownership

• Lead end-to-end audits across multiple frameworks, including ISO/IEC 27001, SOC 1/2 (AICPA Trust Services Criteria), Cyber Essentials, and NIST-based frameworks (including identity controls aligned to NIST SP 800-63)
• Own the full audit lifecycle, including scoping, readiness assessments, control design, evidence collection, auditor coordination, and remediation tracking
• Act as a primary owner for the organization's audit and compliance program, setting direction for control design, audit readiness, and continuous compliance practices
• Map and rationalize controls across frameworks (e.g., ISO ↔ SOC ↔ NIST) to reduce duplication and improve efficiency
  
  

Compliance as Code & Automation

• Implement compliance-as-code practices, embedding security controls into infrastructure and application workflows using policy-as-code and automation
• Partner with engineering teams to integrate compliance checks into CI/CD pipelines and cloud environments to enable continuous compliance monitoring
• Partner with security and engineering teams to design and embed scalable, automated, audit-aligned controls directly into systems and workflows
• Leverage APIs and integrations within GRC platforms and engineering systems to automate evidence collection and control validation
  
  

GRC Platform & Control Management

• Administer and optimize a GRC platform (e.g., AuditBoard, Drata, Vanta), including control management, automated evidence collection, risk register maintenance, and audit workflows
• Maintain audit-ready documentation with clear traceability between controls, risks, and supporting evidence
  
  

Strategy, Metrics & Continuous Improvement

• Influence security and engineering teams to adopt scalable, audit-aligned control implementations
• Define and track compliance metrics, leveraging automation and data analytics to support continuous audit readiness and control effectiveness
• Drive continuous improvement initiatives across the security and compliance program
• Develop and maintain policies, standards, and procedures aligned with evolving regulatory and security requirements
• Support identity and access management controls aligned with NIST SP 800-63 (Digital Identity Guidelines)
• Provide guidance and training to internal stakeholders on audit expectations and control responsibilities
• All other duties as assigned
  
  

Requirements·

• Bachelor's degree in Computer Science, Information Security, Information Systems, or a related technical field, or equivalent practical experience·
• 5 years of experience in security, compliance, or audit-focused engineering roles·
• Hands-on experience implementing compliance-as-code or automated compliance frameworks, including policy-as-code, continuous control monitoring, or automated evidence collection
• Proven experience leading ISO/IEC 27001 and SOC 2 audits end-to-end·
• Experience supporting or leading additional frameworks such as Cyber Essentials, NIST, or similar
• Strong understanding of NIST SP 800-63 and identity/authentication controls
• Hands-on experience with a GRC platform (AuditBoard, Drata, Vanta, or similar) - required
• Experience with control frameworks, risk assessments, and evidence-based auditing
• Ability to translate technical implementations into audit-ready controls and documentation
• Strong stakeholder management and auditor-facing communication skills
• Experience in cloud-native or SaaS environments (AWS, Azure, or GCP preferred)
  
  

Preferred Qualifications

• Certifications such as CISSP, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor
• Experience scaling compliance programs in high-growth environments
• Familiarity with policy-as-code tools (e.g., OPA/Rego, AWS Config, Azure Policy) and infrastructure-as-code (e.g., Terraform, CloudFormation)
• Experience integrating security and compliance controls into CI/CD pipelines and cloud-native environments
  
  

U.S. National Base Pay Range: $95,300 - $158,800. Geographic differentials may apply in some locations to better reflect local market rates. This job is eligible for an annual incentive bonus.

We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location.

We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1-855-833-5120.

Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.

Please read our Candidate Privacy Policy.

We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.

USA Job Seekers

EEO Know Your Rights.

]]>