IT Security and Compliance Engineer

Overview

We are recruiting for an IT Security & Compliance Engineer to join our growing Technology function and play a key role in shaping the firm’s security posture. This role is perfect for someone with an infrastructure background who is eager to deepen their expertise in security, governance, and modern cloud technologies. You will work at the heart of the firm’s security operations, taking ownership of daily, weekly, and monthly checks, managing 1st and 2nd line security tickets, monitoring SIEM activity, and supporting phishing and other security assurance tests.

You’ll collaborate closely with our IT Security Officer and wider technical teams, helping to analyse outputs, recommend improvements, and contribute to a proactive and continually improving security environment.

As part of our move to cloud technologies, you’ll have the opportunity to get hands on with new tools and platforms, helping to shape how they are implemented and embedded across the firm. You will also support the review of change control documentation, maintain strong housekeeping across Active Directory and other applications, and develop meaningful reporting and dashboards using Power BI to provide insights into security performance, compliance posture, and wider IT risks.

The role is highly collaborative, offering the chance to bounce ideas within the team, support ongoing improvement initiatives, and work alongside colleagues across IT and the wider business.

A core part of this position involves supporting and maintaining our compliance frameworks, including ISO 27001 and Cyber Essentials Plus. You’ll be involved in maintaining policies and procedures, supporting audits and assessments, assisting with client assurance and supplier security reviews, and helping to embed security awareness throughout the firm. Full training is available, giving you the opportunity to grow into an ISO 27001 expert while deepening your understanding of governance, risk, and compliance.

You’ll provide clear and effective security guidance, engage with internal and external stakeholders, and play an important role in ensuring the firm meets its information security objectives.

This is a fantastic opportunity for someone who not only enjoys hands on security operations but also wants exposure to governance, compliance, cloud security and continuous improvement projects. With access to new technologies, development opportunities, and a collaborative team environment, this role offers a strong pathway for progression into senior engineering, cloud security, or governance focused positions.

• Conduct daily, weekly, and monthly threat intelligence and security checks, distributing results as required.
• Manage internal SIEM / Defender alerts, IT security incident tickets, and elevate issues promptly.
• Assist in scheduling and monitoring security tests using the Firm’s security tools, analysing outputs and recommending improvements.
• Ensure good housekeeping standards are maintained across Active Directory and supporting applications.

• Maintain and update the Firm’s ISO 27001 policies and procedures, ensuring alignment with ISO 27001 controls and ISO 27002 guidance.
• Support planning and delivery of the Firm’s Cyber Essentials Plus certification activities.
• Provide monthly account management reports to the IT Security Officer.
• Support the Firm’s supplier security assurance process.

• Ensure Microsoft and non Microsoft security updates are patched in line with Firm standard SLAs.
• Monitor patching compliance and collaborate with IT teams to resolve gaps.

• Provide support in the Firm’s client bid and tender process, contributing security-related documentation and responses.

• Assess new suppliers against Walker Morris policies and procedure.
• Provide risk assessment reports to stakeholders.
• Manage the Contract Database when new suppliers are onboarded.

• Provide security guidance to the Service Desk where appropriate.
• Manage 1st line security tickets and elevate to relevant internal teams…