Senior Security Engineer II
LexisNexis · Raleigh, North Carolina, US
Job description
Responsibilities

Audit & Compliance Program Ownership:
- Lead end-to-end audits across multiple frameworks, including ISO/IEC 27001, SOC 1/2 (AICPA Trust Services Criteria), Cyber Essentials, and NIST-based frameworks (including identity controls aligned to NIST SP 800-63)
- Own the full audit lifecycle, including scoping, readiness assessments, control design, evidence collection, auditor coordination, and remediation tracking
- Act as a primary owner for the organization’s audit and compliance program, setting direction for control design, audit readiness, and continuous compliance practices
- Map and rationalize controls across frameworks (e.g., ISO ↔ SOC ↔ NIST) to reduce duplication and improve efficiency

Compliance as Code & Automation:
- Implement compliance-as-code practices, embedding security controls into infrastructure and application workflows using policy-as-code and automation
- Partner with engineering teams to integrate compliance checks into CI/CD pipelines and cloud environments to enable continuous compliance monitoring
- Partner with security and engineering teams to design and embed scalable, automated, audit-aligned controls directly into systems and workflows
- Leverage API...