Senior Security Engineer II
hackajob · Raleigh, NC · 1 wk ago
HybridEngineering$95k–$159k/yrFull-time
About the role
We are seeking a Senior Security Engineer to design and implement a scalable Governance, Risk, and Compliance (GRC) foundation across our cloud-based environment. This role will focus on standardizing controls, improving ownership visibility, and enabling automated evidence collection to support continuous compliance across SOC 2, ISO 27001, Cyber Essentials, and related frameworks. This is a transformation-focused role. The successful candidate will partner with compliance, security, and engineering teams to move the organization from a manual, audit-driven model to a structured, automation-enabled GRC program.
Responsibilities
- GRC Platform Implementation & Automation
- Lead implementation and administration of a GRC platform (e.g., Vanta)
- Configure controls, evidence mapping, and integrations (AWS, identity systems, etc.)
- Establish automated evidence collection and continuous monitoring
- Reduce reliance on manual evidence gathering
- Control Framework Development
- Develop and maintain a unified control framework aligned to SOC 2, ISO 27001, and other standards
- Define control statements, evidence requirements, and testing expectations
- Map controls across frameworks to reduce duplication
- Maintain traceability between controls and evidence
- Ownership & System Mapping
- Establish team-based ownership model for controls
- Align systems and services to responsible teams
- Maintain lightweight system inventory
- Improve ownership visibility to reduce audit coordination overhead
- Audit Enablement
- Support audit readiness through well-defined and monitored controls
- Partner with compliance team to streamline audits
- Enable evidence reuse across frameworks
- Process Standardization & Continuous Improvement
- Standardize documentation and workflows
- Improve efficiency and reduce audit fatigue
- Support policy and standards development
- Define and track compliance metrics, leveraging automation and data analytics to support continuous audit readiness and control effectiveness
Requirements
- Bachelor's degree in Computer Science, Information Security, Information Systems, or a related technical field, or equivalent practical experience
- 5+ years of experience in security, compliance, or audit-focused roles
- Proven experience leading ISO/IEC 27001 and SOC 2 audits end-to-end
- Hands-on experience with a GRC platform (AuditBoard, Drata, Vanta, or similar) – required
- Strong understanding and experience with control frameworks
- Ability to translate technical implementations into audit-ready controls and documentation
- Strong stakeholder management and auditor-facing communication skills
- Experience in cloud-native or SaaS environments (AWS, Azure, or GCP preferred)
Preferred Qualifications
- Experience with automation and continuous compliance
- Certifications such as CISSP, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor
- Multi-framework experience
- Experience scaling compliance programs in high-growth environments