Akerman LLP
Information Security Engineer
Akerman LLP, founded in 1920, seeks an experienced Information Security Engineer to lead ISO 27001 and SOC 2 Type II compliance, govern vendor risk, and automate control monitoring using AI‑powered GRC tools such as Archer, Drata, or Vanta.
Key Responsibilities
Lead the organization’s ISO 27001 Information Security Management System (ISMS) and SOC 2 Type II programs, ensuring continuous compliance.
Implement and manage harmonized technical and administrative controls aligned with ISO 27001 Annex A and SOC 2 Type II Trust Service Principles (Security, Availability, Confidentiality).
Coordinate and respond to client security audits and vendor security assessments, delivering evidence and documentation on time.
Work closely with internal teams (IT, Legal, Practice Groups, HR) to track remediation, document control maturity, and enforce policy adherence.
Use AI‑powered GRC tools such as Drata, Vanta, and Archer to automate control monitoring, risk assessments, and compliance reporting.
Support the incident response process, including planning, identification, containment, eradication, recovery, and lessons learned.
Develop and maintain security policies, procedures, and technical hardening standards mapped to ISO 27001 Annex A, NIST CSF, and CIS Controls.
Participate in third‑party vendor reviews, performing due diligence and tracking remediation activities.
Support cloud and on‑premises security posture improvement across AWS, Azure, and/or GCP environments.
Provide subject‑matter expertise during external audits and risk assessments.
Desired Qualifications
Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field (or equivalent experience).
7+ years of experience in Information Security Engineering, Risk Management, or Compliance.
Hands‑on experience implementing or maintaining ISO 27001 and SOC 2 Type II (Security, Availability, Confidentiality).
Proven experience responding to client security questionnaires and conducting vendor security assessments.
Proficiency with AI‑driven GRC automation tools (e.g., Archer, Drata, Vanta, or similar).
Deep understanding of security frameworks: ISO 27001, NIST CSF, SOC 2, CIS Controls, and GDPR/CCPA principles.
Strong understanding of SIEM, EDR, vulnerability management, and access control systems.
Preferred Certifications
CISSP – Certified Information Systems Security Professional
CISA – Certified Information Systems Auditor
CRISC – Certified in Risk and Information Systems Control
CCSP – Certified Cloud Security Professional
OSCP – Offensive Security Certified Professional
GCIH – GIAC Certified Incident Handler
Key Skills and Attributes
Excellent written and verbal communication skills for audit responses and executive reporting.
Strong organizational and documentation abilities with exceptional attention to detail.
Demonstrated success driving cross‑functional collaboration.
Self‑directed with a proactive mindset for improving security and compliance posture.
We offer an excellent compensation and benefits package.
EOE