Security Engineer II
Job description
We are seeking a Senior Security Engineer to design and implement a scalable Governance, Risk, and Compliance (GRC) foundation across our cloud-based environment. This role will focus on standardizing controls, improving ownership visibility, and enabling automated evidence collection to support continuous compliance across SOC 2, ISO 27001, Cyber Essentials, and related frameworks. This is a transformation-focused role. The successful candidate will partner with compliance, security, and engineering teams to move the organization from a manual, audit-driven model to a structured, automation-enabled GRC program.
Responsibilities
GRC Platform Implementation & Automation
Lead implementation and administration of a GRC platform (e.g., Vanta)
Configure controls, evidence mapping, and integrations (AWS, identity systems, etc.)
Establish automated evidence collection and continuous monitoring
Reduce reliance on manual evidence gathering
Control Framework Development
Develop and maintain a unified control framework aligned to SOC 2, ISO 27001, and other standards
Define control statements, evidence requirements, and testing expectations
Map controls across frameworks to reduce duplication
Maintain traceability between controls and evidence
Ownership & System Mapping
Establish team-based ownership model for controls
Align systems and services to responsible teams
Maintain lightweight system inventory
Improve ownership visibility to reduce audit coordination overhead
Audit Enablement
Support audit readiness through well-defined and monitored controls
Partner with compliance team to streamline audits
Enable evidence reuse across frameworks
Process Standardization & Continuous Improvement
Standardize documentation and workflows
Improve efficiency and reduce audit fatigue
Support policy and standards development
Define and track compliance metrics, leveraging automation and data analytics to support continuous audit readiness and control effectiveness
All other duties as assigned
Requirements
Bachelor's degree in Computer Science, Information Security, Information Systems, or a related technical field, or equivalent practical experience
5+ years of experience in security, compliance, or audit-focused roles
Proven experience leading ISO/IEC 27001 and SOC 2 audits end-to-end
Hands-on experience with a GRC platform (AuditBoard, Drata, Vanta, or similar) - required
Strong understanding and experience with control frameworks
Ability to translate technical implementations into audit-ready controls and documentation
Strong stakeholder management and auditor-facing communication skills
Experience in cloud-native or SaaS environments (AWS, Azure, or Google Cloud Platform preferred)
Preferred Qualifications
Experience with automation and continuous compliance
Certifications such as CISSP, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor
Multi-framework experience
Experience scaling compliance programs in high-growth environments
About the company
LexisNexis is a leading provider of intelligent legal information in the areas of tax, law and business. We offer and develop solutions and services that make our customers' work faster, easier and more productive.
As part of the Business Systems & Technology team at LexisNexis Austria, you ensure that business processes run smoothly through our business systems. At the same time, you help us continuously adapt and develop our systems in line with changing business processes.