Senior Compliance Automation Engineer

We are seeking a Cybersecurity Compliance Engineer to serve as a technical leader and strategic driver within our Cyber Risk and Compliance Team. This is a high-impact, highly autonomous role designed for a professional who bridges the gap between hands-on systems operations and enterprise-level governance.

In this role, you will not just run compliance checklists; you will identify systemic organisational problems, design technical and process-driven solutions, and lead cross-functional modernisation projects with minimal supervision. You will champion the transition from manual, point-in-time compliance to automated, continuous compliance monitoring across the enterprise.

Strategic Initiative Ownership & Project Management

• Drive End-to-End Projects: Lead complex, multi-department modernisation initiatives from initial strategy through architectural design and execution. Own project schedules, resource planning, and milestone tracking.

• Autonomous Execution: Proactively identify gaps in our current compliance, security posture, and automation capabilities. Formulate and roll out strategic remediation plans with minimal oversight.

• Change Management: Lead enterprise-wide rollouts of new security policies, tooling, and baseline configurations, ensuring smooth adoption across technical and non-technical business units.

Compliance Automation & Technical GRC Engineering

• Build Continuous Monitoring Pipelines: Architect and implement automated control evidence ingestion pipelines, integrating data from AWS/Azure, identity platforms, and endpoint management tools into our GRC platform. Operationalise AI models trained for compliance.

• Policy-as-Code & Engineering Standards: Translate regulatory, policy, and control requirements into technical designs. Collaborate with engineering and DevOps to operationalise policy-as-code and automated guardrails.

• Control Mapping & Framework Management: Direct the operational mapping of security controls across NIST SP 800-171, CMMC (Levels 2 & 3), ISO 27001, Sarbanes-Oxley, Cyber Essentials, et al.

Leadership & Cross-Functional Influence

• Technical Mentorship: Act as a subject matter expert and mentor to team members, setting technical and operational excellence standards for the Cyber Risk and Compliance Team.

• Cross-Functional Collaboration: Partner with Cybersecurity Engineering, IT Operations, and Cloud Infrastructure teams to resolve complex security challenges and ensure cohesive implementation of compliance standards.

• Risk Reporting: Translate complex, technical risk data into executive-ready reports, ensuring leadership has clear visibility into cumulative risk, trends, and mitigation priorities.

Required Qualifications

• Systems & Infrastructure Foundation: 5+ years of experience in enterprise IT operations (e.g., Senior Help Desk, Systems Administration, or Security Operations). Deep understanding of IAM, Active Directory, cloud environments, and endpoint security.

• GRC Experience: 3+ years of technical GRC experience mapping and operationalising controls under frameworks like NIST SP 800-171, CMMC, or ISO 27001.

• Project Management & Autonomy: Proven track record of independently managing and executing technical projects. Ability to navigate ambiguity, define project scope, and lead cross-functional stakeholders without direct authority.

• Problem-Solving & Strategic Impact: Demonstrated ability to analyse systemic business and technical challenges, formulate long-term strategic solutions, and execute rollouts that improve enterprise-wide security posture.

• Automation Familiarity: Experience using and integrating GRC platforms, combined with basic scripting knowledge to support automation efforts.

• Ability to obtain and maintain a US Secret security clearance