Junior IT Compliance & Assurance Specialist in Bristol

This is a hands-on technical role in Ecosurety's IT team, focused on the day-to-day operational maintenance of our security posture, governance controls, and Business Continuity and Disaster Recovery (BCDR) programme. We are looking for a practical, detail-oriented technologist who enjoys the essential work of verifying controls in the real world. The successful candidate will be the checker who ensures our controls are not just documented, but verified, tested, and working.

Ecosurety is an industry leading company of 95+ people, based in the heart of Bristol's vibrant city centre, with a mission to accelerate change towards an environmentally and socially sustainable world. Our clients are many of the UK big brands and retailers, often facing particularly big challenges over their use of packaging. We are a Certified B Corp, committed to balancing profit with our social and environmental impact.

Job Description:

• Own the technical runbooks for our BCDR plan - ensuring backup, restoration, and off-site procedures are regularly tested and documented.
• Manage and resolve IT governance tasks flowing from Vanta, our compliance automation platform, maintaining a green status across all IT controls.
• Conduct regular access and identity reviews; enforce multi-tenant data isolation and least-privilege principles.
• Support audit readiness against NCSC Cyber Assessment Framework (CAF), CSA CAIQ, NIST, and our roadmap towards SOC 2.
• Establish and track quantifiable technical baselines - encryption coverage, log retention, API compliance (OWASP) and source-code analysis checks.
• Verify data input/output integrity routines across critical business systems.
• Turn high-level policies into step-by-step operational checklists and repeatable procedures for the IT team.

Person Specification:

• Broad exposure to IT operations, DevOps principles, or a related technical discipline.
• Familiarity with one or more governance frameworks (ISO 27001, NCSC CAF, NIST, SOC 2 or similar) - you do not need to be an expert in all of them.
• Process-driven mindset - able to translate policy into repeatable technical checklists.
• Strong communicator - comfortable writing clear evidence documentation for internal and client audits.

We do not recruit based only on skills. We give equal weight to behaviours and the successful candidate must be well aligned with the Ecosurety Values Framework. Specifically, we will be looking for examples of: Responsibility; Diligence; Clarity.

Package:

• c. £45,000 per year
• 12 month fixed term, full-time contract (would consider some flexibility for the right candidate)
• 28 days holiday plus 8 bank holidays
• 5 x salary life insurance, 7% employer pension contribution, up to 10% bonus, employee health cash plan, paid sick leave, critical illness cover, 2 weeks workcation, options to buy additional holiday or unpaid leave, 3 days volunteer leave, happy to talk flexible working, remote working, wellbeing support, great office location, £250 home working set up payment.
• Hybrid working: Employees are expected to work with colleagues (primarily at the office) at least 50% of the month.

Ecosurety offers a working environment that enables our team to perform at their best, with flexible hours, remote working options, access to training and employee benefits. We focus on outputs, rather than work location or hours. If you are well organised, enjoy working with others and eager to make a meaningful contribution, please get in touch!

We are an Equal Opportunities employer and welcome applications from all. We embrace flexibility and diversity in the workplace and aim to create a working environment in which all individuals can make best use of their skills, free from discrimination, harassment or bullying.

We reserve the right to bring forward the closing date of any of our job vacancies if we receive a suitable number of high-quality applications from which to make a shortlist. Therefore, we recommend that you apply for one of our roles as soon as possible rather than wait until the published closing date.