Senior Security Engineer II

Responsibilities Audit & Compliance Program Ownership Lead end-to-end audits across multiple frameworks, including ISO/IEC 27001, SOC 1/2 (AICPA Trust Services Criteria), Cyber Essentials, and NIST-based frameworks (including identity controls aligned to NIST SP 800-63) Own the full audit lifecycle, including scoping, readiness assessments, control design, evidence collection, auditor coordination, and remediation tracking Act as a primary owner for the organization’s audit and compliance program, setting direction for control design, audit readiness, and continuous compliance practices Map and rationalize controls across frameworks (e.g., ISO ↔ SOC ↔ NIST) to reduce duplication and improve efficiency Compliance as Code & Automation Implement compliance-as-code practices, embedding security controls into infrastructure and application workflows using policy-as-code and automation Partner with engineering teams to integrate compliance checks into CI/CD pipelines and cloud environments to enable continuous compliance monitoring Partner with security and engineering teams to design and embed scalable, automated, audit-aligned controls directly into systems and workflows Leverage APIs and integrations within GRC platforms and engineering systems to automate evidence collection and control validation GRC Platform & Control Management Administer and optimize a GRC platform (e.g., AuditBoard, Drata, Vanta), including control management, automated evidence collection, risk register maintenance, and audit workflows Maintain audit-ready documentation with clear traceability between controls, risks, and supporting evidence Strategy, Metrics & Continuous Improvement Influence security and engineering teams to adopt scalable, audit-aligned control implementations Define and track compliance metrics, leveraging automation and data analytics to support continuous audit readiness and control effectiveness Drive continuous improvement initiatives across the security and compliance program Develop and maintain policies, standards, and procedures aligned with evolving regulatory and security requirements Support identity and access management controls aligned with NIST SP 800-63 (Digital Identity Guidelines) Provide guidance and training to internal stakeholders on audit expectations and control responsibilities · All other duties as assigned Requirements· Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related technical field, or equivalent practical experience· 5+ years of experience in security, compliance, or audit-focused engineering roles· Hands-on experience implementing compliance-as-code or automated compliance frameworks, including policy-as-code, continuous control monitoring, or automated evidence collection Proven experience leading ISO/IEC 27001 and SOC 2 audits end-to-end· Experience supporting or leading additional frameworks such as Cyber Essentials, NIST, or similar Strong understanding of NIST SP 800-63 and identity/authentication controls Hands-on experience with a GRC platform (AuditBoard, Drata, Vanta, or similar) — required Experience with control frameworks, risk assessments, and evidence-based auditing Ability to translate technical implementations into audit-ready controls and documentation Strong stakeholder management and auditor-facing communication skills Experience in cloud-native or SaaS environments (AWS, Azure, or GCP preferred) Preferred Qualifications Certifications such as CISSP, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor Experience scaling compliance programs in high-growth environments Familiarity with policy-as-code tools (e.g., OPA/Rego, AWS Config, Azure Policy) and infrastructure-as-code (e.g., Terraform, CloudFormation) Experience integrating security and compliance controls into CI/CD pipelines and cloud-native environments U.S. National Base Pay Range: $95,300 - $158,800. Geographic differentials may apply in some locations to better reflect local market rates. This job is eligible for an annual incentive bonus. We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location. We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1-855-833-5120. Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here. Please read our Candidate Privacy Policy. We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. USA Job Seekers: EEO Know Your Rights. RELX is a global provider of information-based analytics and decision tools for professional and business customers, enabling them to make better decisions, get better results and be more productive. Our purpose is to benefit society by developing products that help researchers advance scientific knowledge; doctors and nurses improve the lives of patients; lawyers promote the rule of law and achieve justice and fair results for their clients; businesses and governments prevent fraud; consumers access financial services and get fair prices on insurance; and customers learn about markets and complete transactions. Our purpose guides our actions beyond the products that we develop. It defines us as a company. Every day across RELX our employees are inspired to undertake initiatives that make unique contributions to society and the communities in which we operate.