DevSecOps Compliance Analyst in Cambridge

We’re looking for a technically minded compliance professional with a strong understanding of security frameworks and the ability to collaborate effectively within fast-paced engineering environments.

• Strongly knowledgeable in security and compliance frameworks such as ISO 27001, ISO 27018, and SOC 2, with the ability to translate requirements into technical specifications.
• Experienced in conducting or supporting technical audits, security assessments, or compliance evaluations within technology-driven environments.
• Familiar with cloud infrastructure, modern development workflows, and DevOps/DevSecOps practices.
• Comfortable working in fast-moving development environments, balancing compliance requirements with engineering velocity and innovation.
• Confident communicating with both technical and non-technical stakeholders, clearly explaining compliance requirements and discussing technical control implementations.
• Detail-oriented, organised, and proactive in improving compliance processes through automation and technical enablement.

What the job involves:

Join our DevSecOps team, where you’ll play a key role in embedding security and compliance directly into our development processes. Working closely with engineering teams, you’ll help ensure our platforms meet industry and regulatory standards while supporting rapid, high-quality software delivery.

As a DevSecOps Compliance Analyst, you will be embedded directly within development teams, acting as the technical bridge between security compliance frameworks and real-world engineering implementation. You’ll work hands-on with engineers, DevSecOps practitioners, and the Security Compliance team to translate regulatory and industry standards into practical, automated, and scalable technical controls. Your responsibilities will include but not be limited to:

• Translating compliance requirements from standards such as ISO 27001, ISO 27018, CE, and SOC 2 into actionable technical requirements for engineering teams.
• Bridging the gap between compliance frameworks and DevSecOps practices, ensuring requirements are feasible, efficient, and aligned with modern development workflows.
• Collaborating with the Security Compliance team to interpret regulatory expectations and convert them into infrastructure-as-code, CI/CD pipeline controls, and automated security mechanisms.
• Supporting the design and implementation of continuous compliance monitoring through automation, tooling, and integration with existing DevSecOps workflows.
• Working directly with development teams to implement technical controls that meet compliance needs without negatively impacting developer productivity or system performance.
• Identifying and enabling opportunities to automate compliance evidence collection and reporting using existing DevSecOps tools and platforms.
• Supporting the technical implementation of information security risk treatments, including infrastructure hardening, access control mechanisms, logging and monitoring solutions, and incident response capabilities.
• Participating in security architecture reviews, providing compliance-focused technical guidance on design and implementation decisions.
• Maintaining clear and accurate technical documentation of compliance controls, including architecture diagrams, configuration standards, and implementation guides.
• Supporting audits and security assessments by providing technical evidence, demonstrating implemented controls, and explaining system architectures to auditors.