UKG Compliance Engineer
London, United Kingdom | Full-Time | Mid-level | Software Engineering
Core Responsibilities
- Partner with engineers to interpret and map compliance requirements to control implementation and assist with product architecture.
- Directly facilitate operational and regulatory outcomes across our UK government client portfolio, including Secure by Design adherence, MOD JSP compliance and continuous monitoring.
- Develop and deliver evidence to meet regulatory compliance audits across the UK government client portfolio.
- Propose and implement ideas for operational improvements and facilitate automation for procedural compliance controls.
- Guide technical and operational decision-making towards future product offerings and efficient organisational processes.
- Evaluate and advise the business on new and evolving UK Government certification programmes, requirements, and technologies.
- Manage and participate in audits, as appropriate.
What We Value
- Deep understanding of on-premises infrastructure and security concepts
- Experience working directly with the UK Ministry of Defence or other government departments
- Experience successfully supporting security and compliance efforts in complex on-premises data centres
- Experience performing technical assessments in direct support of compliance efforts
- Experience developing security and risk assessment plans and related documentation
- Ability to clearly convey compliance requirements to internal engineering teams and associated implementation to external customers using effective written and verbal communication skills
- Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring (Nessus SecurityCenter, Burp, Jira, Splunk, etc.)
- Knowledge of cloud security compliance (AWS, Azure, GCP)
- Understanding of DevSecOps practices and secure software development lifecycles
What We Require
- 3+ years’ experience with compliance audits and prior UK Government compliance and audit experience (MOD JSP application, Secure by Design, NIST 800-53, UK Government ATOs, etc.)
- Current UK security clearance (SC or DV level)
- Relevant professional certifications (CIPM, CIPP/E, CRISC, CISSP, or similar)
- Familiarity with data protection compliance tools and GRC platforms
