Information Security and Compliance Engineer

Engineered Arts is seeking an Information Security and Compliance Engineer to own the technical and operational execution of information security and cybersecurity compliance across products, cloud infrastructure, internal systems, and Robot-as-a-Service (RaaS) platforms.

Reporting to the Head of Compliance, this role is responsible for implementing, operating, and maintaining security controls, supporting certification to ISO 27001, SOC 2, and other relevant security frameworks, and embedding security‑by‑design into engineering, IT, and product operations as the business scales globally.

This is a hands‑on role with clear operational ownership of information security BAU, working closely with engineering, Dev Ops and IT, product management, and external auditors.

This job can be worked remotely with bi‑monthly visits to the London (Farringdon) office

• Implement, operate, and maintain the Information Security Management System (ISMS) aligned to ISO 27001.
• Maintain risk assessments, risk registers, Statements of Applicability, and control mappings.
• Collect, manage, and present evidence for ISO 27001 certification and surveillance audits.
• Support SOC 2 readiness, control operation, evidence gathering, and audit coordination.

• Implement and maintain security controls across:
• Cloud infrastructure and internal IT systems
• Robotics platforms, operating systems, and supporting services
• eCommerce, RaaS, and customer‑facing platforms
• Work with engineering teams to embed security‑by‑design into system architecture, development pipelines, and operational workflows.
• Support secure configuration, logging, monitoring, and access control practices.

• Operate vulnerability management processes including:
• CVE monitoring and triage
• Patch management coordination
• Tracking and closure of remediation actions
• Coordinate penetration testing and security assessments across products, platforms, and infrastructure.
• Maintain incident response documentation, support tabletop exercises, and assist with post‑incident reviews.

• Support identity and access management (IAM) compliance including:
• Role‑based access control
• Quarterly access reviews
• MFA/2FA enforcement
• Support encryption, key management, backup, and recovery controls.
• Work with compliance and legal stakeholders on data protection and privacy‑related security controls.

• Conduct security assessments of suppliers, cloud providers, and third parties.
• Review security documentation, certifications, and contractual security requirements.
• Track third‑party security risks and remediation activities.

• Maintain security policies, procedures, standards, and technical evidence.
• Support internal audits, external certification audits, and customer security due diligence requests.
• Ensure security documentation remains current, controlled, and audit‑ready.

• Support delivery of security awareness and role‑specific training.
• Act as a trusted security partner to engineering, IT, and product teams.
• Promote pragmatic security that enables innovation while managing risk.

• Hands‑on experience in information security engineering, security operations, or security compliance roles.
• Practical experience operating an ISO 27001 aligned ISMS, including risk management and audit evidence.
• Working knowledge of cloud, infrastructure, and application security controls.
• Experience with vulnerability management and incident response.
• Ability to translate security and compliance requirements into practical technical controls.
• Experience working with engineering, IT, non‑technical stakeholders, and external auditors.
• Strong documentation and evidence management skills.

• Experience with SOC 2 or multi‑framework security environments.
• Exposure to product, platform, or robotics/embedded security.
• Familiarity with IAM, data protection, and privacy‑related controls.
• Experience with supplier and third‑party…