Junior IT Compliance & Assurance Specialist
This is a hands-on technical role in Ecosurety's IT team, focused on the day-to-day operational maintenance of our security posture, governance controls, and Business Continuity and Disaster Recovery (BCDR) programme. We are looking for a practical, detail-oriented technologist who enjoys the essential work of verifying controls in the real world. The successful candidate will be the checker who ensures our controls are not just documented, but verified, tested, and working.
Ecosurety is an industry-leading company of 95+ people, based in the heart of Bristol’s vibrant city centre, with a mission to accelerate change towards an environmentally and socially sustainable world. Our clients include many of the UK's big brands and retailers, often facing particularly big challenges over their use of packaging. We are a Certified B Corp, committed to balancing profit with our social and environmental impact. If this sounds like your sort of place, we hope to hear from you soon.
Job Description
- Own the technical runbooks for our BCDR plan - ensuring backup, restoration, and off-site procedures are regularly tested and documented
- Manage and resolve IT governance tasks flowing from Vanta, our compliance automation platform, maintaining a green status across all IT controls
- Conduct regular access and identity reviews; enforce multi-tenant data isolation and least-privilege principles
- Support audit readiness against NCSC Cyber Assessment Framework (CAF), CSA CAIQ, NIST, and our roadmap towards SOC 2
- Establish and track quantifiable technical baselines - encryption coverage, log retention, API compliance (OWASP) and source-code analysis checks
- Verify data input/output integrity routines across critical business systems
- Turn high-level policies into step-by-step operational checklists and repeatable procedures for the IT team
- Broad exposure to IT operations, DevOps principles, or a related technical discipline
- Familiarity with one or more governance frameworks (ISO 27001, NCSC CAF, NIST, SOC 2 or similar) - you do not need to be an expert in all of them
- Process-driven mindset - able to translate policy into repeatable technical checklists
- Strong communicator - comfortable writing clear evidence documentation for internal and client audits
- c. £45,000 per year
- 12-month fixed-term, full-time contract (would consider some flexibility for the right candidate)
- 28 days holiday plus 8 bank holidays
- 5 x salary life insurance, 7% employer pension contribution, up to 10% bonus, employee health cash plan, paid sick leave, critical illness cover, 2 weeks workcation, options to buy additional holiday or unpaid leave, 3 days volunteer leave, happy to talk flexible working, remote working, wellbeing support, great office location, £250 home-working set-up payment
- Hybrid working: Employees are expected to work with colleagues (primarily at the office) at least 50% of the month