Information Security and Compliance Engineer

About Engineered Arts

Since 2004, Engineered Arts has been at the forefront of robotics, creating lifelike social humanoids that have captivated audiences worldwide. Our vision is to revolutionize the human experience through embodied AI, loved and trusted in every home.

Engineered Arts is seeking an Information Security Engineer to own the technical and operational execution of information security and cybersecurity compliance across products, cloud infrastructure, internal systems, and Robot-as-a-Service (RaaS) platforms. Reporting to the Head of Compliance, this role is responsible for implementing, operating, and maintaining security controls, supporting certification to ISO 27001, SOC 2, and other relevant security frameworks, and embedding security‑by‑design into engineering, IT, and product operations as the business scales globally.

This is a hands‑on role with clear operational ownership of information security BAU, working closely with engineering, Dev Ops and IT, product management, and external auditors.

• Implement, operate, and maintain the Information Security Management System (ISMS) aligned to ISO 27001.
• Maintain risk assessments, risk registers, Statements of Applicability, and control mappings.
• Collect, manage, and present evidence for ISO 27001 certification and surveillance audits.
• Support SOC 2 readiness, control operation, evidence gathering, and audit coordination.

• Implement and maintain security controls across:
• Cloud infrastructure and internal IT systems
• Robotics platforms, operating systems, and supporting services
• eCommerce, RaaS, and customer‑facing platforms. Work with engineering teams to embed security‑by‑design into system architecture, development pipelines, and operational workflows.
• Support secure configuration, logging, monitoring, and access control practices.

• Operate vulnerability management processes including:
• CVE monitoring and triage
• Patch management coordination
• Tracking and closure of remediation actions
• Coordinate penetration testing and security assessments across products, platforms, and infrastructure.
• Maintain incident response documentation, support tabletop exercises, and assist with post‑incident reviews.

• Support identity and access management (IAM) compliance including:
• Role‑based access control
• Quarterly access reviews
• MFA/2FA enforcement
• Support encryption, key management, backup, and recovery controls.
• Work with compliance and legal stakeholders on data protection and privacy‑related security controls.

• Conduct security assessments of suppliers, cloud providers, and third parties.
• Review security documentation, certifications, and contractual security requirements.
• Track third‑party security risks and remediation activities.

• Maintain security policies, procedures, standards, and technical evidence.
• Support internal audits, external certification audits, and customer security due diligence requests.
• Ensure security documentation remains current, controlled, and audit‑ready.

• Support delivery of security awareness and role‑specific training.
• Act as a trusted security partner to engineering, IT, and product teams.
• Promote pragmatic security that enables innovation while managing risk.

• Experience in information security engineering, security operations, or security compliance roles.
• Practical exposure to ISO 27001 and/or SOC 2 in a technology‑driven organisation.
• Working knowledge of cloud, infrastructure, and application security controls.
• Experience with vulnerability management, penetration testing, and incident response.
• Ability to translate security and compliance requirements into practical technical controls.
• Experience working with engineers, IT teams, internal non‑technical staff and external auditors.

• Reports directly to the Head of Compliance.
• Acts as the operational owner for information security and cybersecurity BAU.
• Escalates strategic, high‑risk, or novel security issues appropriately.

• Highly organised, methodical, and evidence‑driven.
• Comfortable operating autonomously as the day‑to‑day security owner.
• Calm and structured during audits and security incidents.
• Sound judgement in balancing security, usability, and delivery pace.

This role is ideal for an Information Security Engineer who wants clear ownership, hands‑on impact, and the opportunity to build security foundations that support the safe scaling of advanced robotics, AI platforms, and global services.