Information Security Engineer at Akerman LLP
Akerman LLP · Miami, United States of America · Onsite
- Senior
- Office in Miami
Founded in 1920, Akerman is recognized as one of the nation’s premier law firms, with more than 700 lawyers across the United States.
Akerman is seeking an experienced and motivated Information Security Engineer with a strong background in compliance frameworks, client audit response, and vendor risk management. The ideal candidate will have hands-on experience implementing and maintaining ISO 27001 and SOC 2 Type II compliance (Security, Availability, and Confidentiality trust service principles) and will be proficient with AI-powered GRC automation platforms such as Archer, Drata, or Vanta. This position is ideal for a technically adept, compliance-minded professional who thrives at the intersection of security engineering, governance, and client assurance.
Key Responsibilities:
- Lead and maintain the organization’s ISO 27001 Information Security Management System (ISMS) and SOC 2 Type II programs, ensuring continuous compliance.
- Implement and manage harmonized technical and administrative controls aligned with:
  - The ISO 27001 Annex A requirements
  - The SOC 2 Type II report, with the following Trust Service Principles:
    - Security
    - Availability
    - Confidentiality
- Coordinate and respond to client security audits and vendor security assessments, ensuring timely and accurate delivery of evidence and documentation.
- Work closely with internal teams (IT, Legal, Practice Groups, HR) to respond to client audits, track remediation, document control maturity, and ensure policy adherence.
- Use AI-powered GRC tools such as Drata, Vanta, and Archer to automate control monitoring, risk assessments, and compliance reporting.
- Support the incident response process, including planning, identification, containment, eradication, recovery and lessons learned.
- Develop and maintain security policies, procedures, and technical hardening standards mapped to ISO 27001 Annex A, NIST CSF, and CIS Controls.
- Participate in third-party vendor reviews, performing due diligence and tracking remediation activities.
- Support cloud and on-premises security posture improvement across AWS, Azure, and/or GCP environments.
- Provide subject-matter expertise during external audits and risk assessments.
Desired Qualifications:
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field, or equivalent experience.
- 7+ years of experience in Information Security Engineering, Risk Management, or Compliance.
- Hands-on experience implementing or maintaining ISO 27001 and SOC 2 Type II (Security, Availability, Confidentiality).
- Proven experience responding to client security questionnaires and conducting vendor security assessments.
- Proficiency with AI-driven GRC automation tools (e.g., Archer, Drata, Vanta, or similar).
- Deep understanding of security frameworks: ISO 27001, NIST CSF, SOC 2, CIS Controls, and GDPR/CCPA principles.
- Strong understanding of SIEM, EDR, vulnerability management, and access control systems.
Preferred Certifications (any combination of):
- CISSP – Certified Information Systems Security Professional
- CISA – Certified Information Systems Auditor
- CRISC – Certified in Risk and Information Systems Control
- CCSP – Certified Cloud Security Professional
- OSCP – Offensive Security Certified Professional
- GCIH – GIAC Certified Incident Handler
Key Skills and Attributes:
- Excellent written and verbal communication skills for audit responses and executive reporting.
- Strong organizational and documentation abilities with exceptional attention to detail.
- Demonstrated success driving cross-functional collaboration.
- Self-directed with a proactive mindset for improving security and compliance posture.
We offer an excellent compensation and benefits package. Please submit your resume and salary requirements. EOE