Senior Security Engineer II
Job in Raleigh, Wake County, North Carolina, 27601, USA
Listed on 2026-06-14
Listing for: LexisNexis Risk Solutions
Full Time position
Job specializations:
* IT/Tech
Cybersecurity, Data Security, Information Security, IT Support
Job Description & How to Apply Below
* Lead end-to-end audits across multiple frameworks, including ISO/IEC 27001, SOC 1/2 (AICPA Trust Services Criteria), Cyber Essentials, and NIST-based frameworks (including identity controls aligned to NIST SP 800-63)
* Own the full audit lifecycle, including scoping, readiness assessments, control design, evidence collection, auditor coordination, and remediation tracking
* Act as a primary owner for the organization’s audit and compliance program, setting direction for control design, audit readiness, and continuous compliance practices
* Map and rationalize controls across frameworks (e.g., ISO, SOC, NIST) to reduce duplication and improve efficiency
Compliance as Code & Automation
* Implement compliance-as-code practices, embedding security controls into infrastructure and application workflows using policy-as-code and automation
* Partner with engineering teams to integrate compliance checks into CI/CD pipelines and cloud environments to enable continuous compliance monitoring
* Partner with security and engineering teams to design and embed scalable, automated, audit-aligned controls directly into systems and workflows
* Leverage APIs and integrations within GRC platforms and engineering systems to automate evidence collection and control validation
GRC Platform & Control Management
* Administer and optimize a GRC platform (e.g., AuditBoard, Drata, Vanta), including control management, automated evidence collection, risk register maintenance, and audit workflows
* Maintain audit-ready documentation with clear traceability between controls, risks, and supporting evidence
Strategy, Metrics & Continuous Improvement
* Influence security and engineering teams to adopt scalable, audit-aligned control implementations
* Define and track compliance metrics, leveraging automation and data analytics to support continuous audit readiness and control effectiveness
* Drive continuous improvement initiatives across the security and compliance program
* Develop and maintain policies, standards, and procedures aligned with evolving regulatory and security requirements
* Support identity and access management controls aligned with NIST SP 800-63 (Digital Identity Guidelines)
* Provide guidance and training to internal stakeholders on audit expectations and control responsibilities
* All other duties as assigned
Requirements
* Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related technical field, or equivalent practical experience
* 5+ years of experience in security, compliance, or audit-focused engineering roles
* Hands-on experience implementing compliance-as-code or automated compliance frameworks, including policy-as-code, continuous control monitoring, or automated evidence collection
* Proven experience leading ISO/IEC 27001 and SOC 2 audits end-to-end
* Experience supporting or leading additional frameworks such as Cyber Essentials, NIST, or similar
* Strong understanding of NIST SP 800-63 and identity/authentication controls
* Hands-on experience with a GRC platform (AuditBoard, Drata, Vanta, or similar) — required
* Experience with control frameworks, risk assessments, and evidence-based auditing
* Ability to translate technical implementations into audit-ready controls and documentation
* Strong stakeholder management and auditor-facing communication skills
* Experience in cloud-native or SaaS environments (AWS, Azure, or GCP preferred)
Preferred Qualifications
* Certifications such as CISSP, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor
* Experience scaling compliance programs in high-growth environments
* Familiarity with policy-as-code tools (e.g., OPA/Rego, AWS Config, Azure Policy) and infrastructure-as-code (e.g., Terraform, CloudFormation)
* Experience integrating security and compliance controls into CI/CD pipelines and cloud-native environments
U.S. National Base Pay Range: $95,300 - $158,800. Geographic differentials may apply in some locations to better reflect local market rates.
This job is eligible for an annual incentive bonus.
We know your well-being and happiness are key to…
Position Requirements: 10+ years work experience