Job Description

Veritas Automata is a technology consulting and software development company dedicated to delivering innovative solutions that drive business success. We combine expertise in automation, AI, and advanced technology to enhance operational efficiency and streamline complex processes. Our teams build modern, intelligent, and scalable solutions that empower clients across regulated industries, enterprise platforms, and next-generation AI ecosystems. We are committed to innovation, ownership, and delivering measurable outcomes for our clients and partners.

Yuxi Global, powered by Veritas Automata, is a South America-based delivery and talent entity that supports Veritas Automata’s global delivery model. We specialize in providing comprehensive solutions, including turnkey enterprise-grade application development, managed development teams, staff augmentation, and strategic consulting via our Veritas Automata Services Team.

Security Compliance Program Manager senior-level security, audit, and compliance professional responsible for supporting the development, implementation, and operationalization of SOC 2, ISO 27001:2022, NIST CSF, and related security procedures for client environments. This role is intended for an experienced professional with 10–16 years of progressive experience across information security, IT audit, cyber risk management, compliance frameworks, technical controls, and stakeholder-driven implementation. The Cyber Security Engineer (L7) will work alongside an existing long-term consultant to transform audit requirements, security controls, documented procedures, evidence collection processes, user-awareness initiatives, and internal-audit findings into sustainable operational practices. The ideal candidate will possess hands-on experience with SOC 2 Type 1 and Type 2 audits, ISO 27001 implementation and certification readiness, internal audit support, control mapping, evidence management, process documentation, KPI tracking, security-awareness programs, change management, and security governance. This role will collaborate closely with client leadership, security stakeholders, HR, Finance, Operations, Engineering, Technology, Business Development, Purchasing, and international business units to advance security maturity and certification readiness.

Qualifications

• 10–16 years of professional experience in cybersecurity, information security, IT audit, GRC, risk management, infrastructure security, security engineering, or related disciplines.
• Hands-on experience supporting SOC 2 Type 1 and/or Type 2 audits, including control documentation, evidence collection, auditor interaction, remediation planning, and recurring control operation.
• Strong working knowledge of ISO 27001, including ISO 27001:2022 requirements, Annex A controls, internal audits, risk treatment, documented information, and management-system practices. 6 Page 5 Confidential - Copyright © 2026, Veritas Automata, LLC - Yuxi Global, All Rights.
• Experience aligning security programs with frameworks such as NIST CSF, CIS Controls, ISO 31000, ISO 22301, HIPAA, HITRUST, PCI DSS, GDPR, LGPD, or DFARS-related requirements.
• Demonstrated ability to create and operationalize policies, procedures, standards, control narratives, process documentation, and evidence-management workflows.
• Experience working with cross-functional business and technology stakeholders to obtain audit evidence, drive process adoption, and close control gaps.
• Strong understanding of technical security domains, including:

1. Access Control
2. Identity and Access Management (IAM) 2
3. Vulnerability Management
4. Incident Response
5. Change Management
6. Logging and Monitoring
7. Endpoint Security
8. Network Security
9. Cloud Security
10. Business Continuity

• Experience working directly with senior stakeholders and control owners to improve security maturity and track measurable progress.
• Practical experience using Jira, Confluence, spreadsheets, dashboards, or GRC platforms to manage audit readiness, KPIs, findings, and remediation plans.
• Strong written and verbal communication skills in English.