Information Security Engineer – Compliance & GRC Automation (Law Firm)

Remote
United States
Posted 3 weeks ago

This is a full-time Information Security Engineer role at Akerman, a premier law firm, seeking a technically adept professional to thrive at the intersection of security engineering, governance, and client assurance. The ideal candidate will lead and maintain the organization’s ISO 27001 and SOC 2 Type II programs, manage client security audits, and automate processes using AI-powered GRC platforms.

  • Location: Miami, FL, USA.
  • Experience: 7+ years of experience in Information Security Engineering, Risk Management, or Compliance.
  • Core Focus: Implementing and maintaining ISO 27001 ISMS and SOC 2 Type II (Security, Availability, Confidentiality principles), managing client audit responses, and performing vendor risk management.
  • Tools: Proficiency with AI-powered GRC automation platforms (e.g., Archer, Drata, Vanta).

Key Responsibilities: Governance, Assurance, and Engineering

The engineer drives compliance programs, manages assurance activities with clients and vendors, and supports security operations.

  • Compliance Leadership: Lead and maintain the organization’s ISO 27001 Information Security Management System (ISMS) and SOC 2 Type II programs, ensuring continuous compliance.
  • Audit Response: Coordinate and respond to client security audits and vendor security assessments, ensuring timely and accurate delivery of evidence. Work closely with internal teams (Legal, HR, IT) to track remediation.
  • GRC Automation: Use AI-powered GRC tools (Drata, Vanta, Archer) to automate control monitoring, risk assessments, and compliance reporting.
  • Policy & Standards: Develop and maintain security policies, procedures, and technical hardening standards mapped to ISO 27001 Annex A, NIST CSF, and CIS Controls.
  • Vendor Risk: Participate in third-party vendor reviews, performing due diligence and tracking remediation activities.
  • Security Support: Support cloud and on-premises security posture improvement across AWS, Azure, and/or GCP environments, and support the full incident response process.

Desired Qualifications and Framework Knowledge

The role requires extensive experience with major regulatory frameworks and security assurance processes.

  • Required Experience: Hands-on experience implementing or maintaining ISO 27001 and SOC 2 Type II. Proven experience responding to client security questionnaires and conducting vendor security assessments.
  • Framework Expertise: Deep understanding of security frameworks: ISO 27001, NIST CSF, SOC 2, CIS Controls, and GDPR/CCPA principles.
  • System Knowledge: Strong understanding of SIEM, EDR, vulnerability management, and access control systems.
  • Preferred Certifications (Any Combination): CISSP, CISA, CRISC, CCSP, OSCP, GCIH.

Job Category: IT & Cybersecurity
