Akerman LLP

Information Security Engineer

Akerman LLP, Miami

Akerman LLP, founded in 1920, seeks an experienced Information Security Engineer to lead ISO 27001 and SOC 2 Type II compliance, govern vendor risk, and automate control monitoring using AI‑powered GRC tools such as Archer, Drata, or Vanta.

Key Responsibilities

  • Lead the organization’s ISO 27001 Information Security Management System (ISMS) and SOC 2 Type II programs, ensuring continuous compliance.
  • Implement and manage harmonized technical and administrative controls aligned with ISO 27001 Annex A and SOC 2 Type II Trust Service Principles (Security, Availability, Confidentiality).
  • Coordinate and respond to client security audits and vendor security assessments, delivering evidence and documentation on time.
  • Work closely with internal teams (IT, Legal, Practice Groups, HR) to track remediation, document control maturity, and enforce policy adherence.
  • Use AI‑powered GRC tools such as Drata, Vanta, and Archer to automate control monitoring, risk assessments, and compliance reporting.
  • Support the incident response process, including planning, identification, containment, eradication, recovery, and lessons learned.
  • Develop and maintain security policies, procedures, and technical hardening standards mapped to ISO 27001 Annex A, NIST CSF, and CIS Controls.
  • Participate in third‑party vendor reviews, performing due diligence and tracking remediation activities.
  • Support cloud and on‑premises security posture improvement across AWS, Azure, and/or GCP environments.
  • Provide subject‑matter expertise during external audits and risk assessments.

Desired Qualifications

  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field (or equivalent experience).
  • 7+ years of experience in Information Security Engineering, Risk Management, or Compliance.
  • Hands‑on experience implementing or maintaining ISO 27001 and SOC 2 Type II (Security, Availability, Confidentiality).
  • Proven experience responding to client security questionnaires and conducting vendor security assessments.
  • Proficiency with AI‑driven GRC automation tools (e.g., Archer, Drata, Vanta, or similar).
  • Deep understanding of security frameworks: ISO 27001, NIST CSF, SOC 2, CIS Controls, and GDPR/CCPA principles.
  • Strong understanding of SIEM, EDR, vulnerability management, and access control systems.

Preferred Certifications

  • CISSP – Certified Information Systems Security Professional
  • CISA – Certified Information Systems Auditor
  • CRISC – Certified in Risk and Information Systems Control
  • CCSP – Certified Cloud Security Professional
  • OSCP – Offensive Security Certified Professional
  • GCIH – GIAC Certified Incident Handler

Key Skills and Attributes

  • Excellent written and verbal communication skills for audit responses and executive reporting.
  • Strong organizational and documentation abilities with exceptional attention to detail.
  • Demonstrated success driving cross‑functional collaboration.
  • Self‑directed with a proactive mindset for improving security and compliance posture.

We offer an excellent compensation and benefits package.

EOE