Senior Security Engineer II
LexisNexis · Raleigh, NC · 2 mo ago
Information Technology$95k–$159k/yrFull-time
About the role
This position is a Hybrid role on site in the Raleigh, N.C. office 2-3 days a week. Senior Security Engineer II - Compliance Automation & Controls
Responsibilities
- Lead implementation and administration of a GRC platform (e.g., Vanta)
- Configure controls, evidence mapping, and integrations (AWS, identity systems, etc.)
- Establish automated evidence collection and continuous monitoring
- Reduce reliance on manual evidence gathering
- Develop and maintain a unified control framework aligned to SOC 2, ISO 27001, and other standards
- Define control statements, evidence requirements, and testing expectations
- Map controls across frameworks to reduce duplication
- Maintain traceability between controls and evidence
- Establish team-based ownership model for controls
- Align systems and services to responsible teams
- Improve ownership visibility to reduce audit coordination overhead
- Audit Enablement
- Support audit readiness through well-defined and monitored controls
- Partner with compliance team to streamline audits
- Enable evidence reuse across frameworks
- Process Standardization & Continuous Improvement
- Standardize documentation and workflows
- Improve efficiency and reduce audit fatigue
- Support policy and standards development
- Define and track compliance metrics, leveraging automation and data analytics to support continuous audit readiness and control effectiveness
Requirements
- Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related technical field, or equivalent practical experience
- 5+ years of experience in security, compliance, or audit-focused roles
- Proven experience leading ISO/IEC 27001 and SOC 2 audits end-to-end
- Strong understanding and experience with control frameworks
- Strong stakeholder management and auditor-facing communication skills
- Experience in cloud-native or SaaS environments (AWS, Azure, or GCP preferred)
Preferred Qualifications
- Experience with automation and continuous compliance
- Certifications such as CISSP, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor
- Multi-framework experience
- Experience scaling compliance programs in high-growth environments