Information Security and Compliance Engineer

About Engineered Arts

Since 2004, Engineered Arts has been at the forefront of robotics, creating lifelike social humanoids that have captivated audiences worldwide. Our vision is to revolutionize the human experience through embodied AI, loved and trusted in every home.

Engineered Arts is seeking an Information Security Engineer to own the technical and operational execution of information security and cybersecurity compliance across products, cloud infrastructure, internal systems, and Robot-as-a-Service (RaaS) platforms.

Reporting to the Head of Compliance, this role is responsible for implementing, operating, and maintaining security controls, supporting certification to ISO 27001, SOC 2, and other relevant security frameworks, and embedding security by design into engineering, IT, and product operations as the business scales globally.

This is a hands on role with clear operational ownership of information security BAU, working closely with engineering, DevOps and IT, product management, and external auditors.

Key Responsibilities Information Security and ISMS Operations

• Implement, operate, and maintain the Information Security Management System (ISMS) aligned to ISO 27001.
• Maintain risk assessments, risk registers, Statements of Applicability, and control mappings.
• Collect, manage, and present evidence for ISO 27001 certification and surveillance audits.
• Support SOC 2 readiness, control operation, evidence gathering, and audit coordination.

Security Controls and Engineering Integration

• Implement and maintain security controls across:
• • Cloud infrastructure and internal IT systems
  • Robotics platforms, operating systems, and supporting services
• eCommerce, RaaS, and customer facing platforms
  Work with engineering teams to embed security by design into system architecture, development pipelines, and operational workflows.
• Support secure configuration, logging, monitoring, and access control practices.

Vulnerability and Incident Management

• Operate vulnerability management processes including:
• • CVE monitoring and triage
  • Patch management coordination
  • Tracking and closure of remediation actions
• Coordinate penetration testing and security assessments across products, platforms, and infrastructure.
• Maintain incident response documentation, support tabletop exercises, and assist with post incident reviews.

Identity, Access and Data Security

• Support identity and access management (IAM) compliance including:
• • Role based access control
  • Quarterly access reviews
  • MFA/2FA enforcement
• Support encryption, key management, backup, and recovery controls.
• Work with compliance and legal stakeholders on data protection and privacy related security controls.

Supplier and Third Party Security

• Conduct security assessments of suppliers, cloud providers, and third parties.
• Review security documentation, certifications, and contractual security requirements.
• Track third party security risks and remediation activities.

Audits, Documentation and Governance

• Maintain security policies, procedures, standards, and technical evidence.
• Support internal audits, external certification audits, and customer security due diligence requests.
• Ensure security documentation remains current, controlled, and audit ready.

Security Awareness and Compliance Culture

• Support delivery of security awareness and role specific training.
• Act as a trusted security partner to engineering, IT, and product teams.
• Promote pragmatic security that enables innovation while managing risk.

Required Experience and Expertise

• Experience in information security engineering, security operations, or security compliance roles.
• Practical exposure to ISO 27001 and/or SOC 2 in a technology driven organisation.
• Working knowledge of cloud, infrastructure, and application security controls.
• Experience with vulnerability management, penetration testing, and incident response.
• Ability to translate security and compliance requirements into practical technical controls.
• Experience working with engineers, IT teams, internal non technical staff and external auditors.

Reporting and Authority

• Reports directly to the Head of Compliance.
• Acts as the operational owner for information security and cybersecurity BAU.
• Escalates strategic, high risk, or novel security issues appropriately.

Personal Attributes

• Highly organised, methodical, and evidence driven.
• Comfortable operating autonomously as the day to day security owner.
• Calm and structured during audits and security incidents.
• Sound judgement in balancing security, usability, and delivery pace.

Role Fit

This role is ideal for an Information Security Engineer who wants clear ownership, hands on impact, and the opportunity to build security foundations that support the safe scaling of advanced robotics, AI platforms, and global services.