3+ years' experience with compliance audits and prior UK Government compliance and audit experience (MOD JSP application, Secure by Design, NIST 800-53, UK Government ATOs, etc.)
Deep understanding of on-premises infrastructure and security concepts
Experience successfully supporting security and compliance efforts in complex on-premises data centres
Experience performing technical assessments in direct support of compliance efforts
Experience developing security and risk assessment plans and related documentation
Ability to clearly convey compliance requirements to internal engineering teams and associated implementation to external customers using effective written and verbal communication skills
Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring (Nessus SecurityCenter, Burp, Jira, Splunk, etc.)
Willingness and eligibility to obtain a UK security clearance
Core Responsibilities
Partner with engineers to interpret and map compliance requirements to control implementation and assist with product architecture.
Directly facilitate operational and regulatory outcomes across our UK government client portfolio, including Secure by Design adherence, MOD JSP compliance and continuous monitoring.
Develop and deliver evidence to meet regulatory compliance audits across the UK government client portfolio.
Propose and implement ideas for operational improvements and facilitate automation for procedural compliance controls.
Guide technical and operational decision-making towards future product offerings and efficient organisational processes.
Evaluate and advise the business on new and evolving UK Government certification programs, requirements, and technologies.