Risk and Compliance Engineering Lead

Location: Remote - United Kingdom / Europe

Salary: Flexible

This is an urgent requirement to identify a seasoned Risk and Compliance Engineering Lead who will drive the consolidation of existing security and risk control frameworks. This will allow the Digital organisation to improve the effectiveness of controls by focusing attention where it’s most needed and driving greater consistency and efficiency in how controls are managed. It adds value to the business, allows for more informed commercial decision-making and helps identify areas where customer and user experience can be improved, whilst limiting risk exposure.

Key Responsibilities

  • Own and be responsible for Risk and Compliance management within the 1LOD, limiting the impact of burdensome and duplicative 2LOD risk management measures on agility and speed
  • Own and where possible drive security compliance technical and process improvements across the Digital environment, platforms, products, and architecture while mentoring others on security compliance efficiencies
  • Drive and collaborate with Engineering, Product Management, CloudOps, Advanced Analytics, Data Estate, and DevOps to create excellence in the security compliance and assurance programme
  • Ensure, and where necessary build and deliver, enterprise-wide security tooling and security automation solutions, aiming for an automated, zero-touch “security and compliance-as-code” approach
  • Own and drive the development and continuous improvement of security compliance defensible metrics
  • Provide actionable and constructive advice to cross-functional teams, to include driving remediation activities


  • Degree or equivalent working experience
  • Experience of defining, building, and shaping a compliance programme in a tech, platform, or high-velocity environment
  • Demonstrated experience with at least six security control frameworks including ISO2701, SOX, PCI DSS, GDPR, NIST CSF, UK CE+, CIS Controls v8
  • Expert understanding of how compliance works with cloud-native technology stacks as well as working knowledge of modern technology (microservices, CI/CD, SAST, DAST)
  • Deep understanding of cloud computing and virtual platforms, complemented by a good understanding of software development
  • Demonstrated experience of innovative security and compliance approaches to solve complex security, resilience, and compliance challenges
  • Ability to identify weaknesses in processes and implement continual improvements. Experience defining security, resilience, and compliance strategies, and ensuring that committed outcomes are delivered on schedule
  • Experience in public speaking and able to hold their own in senior-level presentations and discussions
  • Self-starter, able to work with a mix of technical and non-technical clients, and able to operate successfully in an unstructured, fluid environment – comfortable ‘taking a position’ with imperfect or incomplete information
  • Growth mindset, innovative, detail-oriented, continuous learner, and effective in stressful and challenging environments