Security and Compliance Engineer

Why apply?: Help Good Growth scale securely by making security and compliance more automated, more visible and more embedded in how our platform operates. Our Mission & Vision
At Good Growth, we help businesses innovate online without being slowed down by outdated technology. Many large companies rely on legacy systems - where others see a limitation, we see an opportunity. Our mission is to tear down barriers to growth, helping brands move fast, innovate boldly and optimise their digital experiences. We combine extraordinary technology with world-class data and insight to deliver results that redefine what's possible in digital commerce. Our proprietary platform, Good Growth Technology (GGT), allows us to build and run digital Experiences on top of our clients' existing technology - helping global brands move faster without unnecessary complexity. As we continue to grow, security and compliance are becoming even more important to how we scale. Our enterprise clients need confidence that our platform, processes and data practices meet the standards they expect. That's where you come in. Why This Role Matters
Security and compliance should help us move faster, not slow us down. As Security & Compliance Engineer, you'll help make sure GGT remains secure, well-evidenced and ready for the expectations of global enterprise clients. This is a hands-on technical role. We're not looking for someone who only writes policies or manages audit spreadsheets. We're looking for someone who can use engineering, automation and practical problem-solving to make compliance part of how our platform operates day to day. You'll help move Good Growth from manual, reactive and audit-led compliance activity towards an always-on, evidence-based and automated way of working. By improving how we monitor, document and demonstrate security and compliance, you'll help reduce friction in client approval processes, support external audits and give teams across Good Growth more confidence when responding to security requirements. Where We Are Now & Our Future Goals
Good Growth is scaling quickly, and our technology is supporting increasingly complex work for enterprise clients. That means we need security and compliance processes that scale with us. We already work with major brands who expect strong assurance around data, security, privacy and platform governance. As we grow, we want to make that assurance easier to evidence, easier to maintain and easier to explain. You'll play a key role in helping us: Build more automated and repeatable compliance processes
Reduce manual audit preparation and repeated evidence gathering
Keep GGT aligned to relevant security, privacy and compliance standards
Support smoother enterprise client onboarding and approval processes
Make security and compliance part of how we build, not something we bolt on afterwards Working Hours & Location
We believe in flexibility - you should work where you do your best work. Hybrid working
Offices in Birmingham and Exeter
Core hours: 10:00am - 3:00pm UK time, with flexible start and finish times
Some office time expected for collaboration, onboarding and key team sessions While we support remote working, we may ask you to be in the office more often during your first few months to help you settle in, understand our platform and build relationships with the teams you'll be working with. You'll Love This Role If You Enjoy:
Solving security and compliance problems with practical technical solutions
Automating manual processes and making things more efficient
Working across engineering, operations, client-facing and leadership teams
Translating technical risk into clear, useful information
Building things from scratch rather than simply maintaining existing processes
Making compliance feel less painful and more scalable
Helping a growing business move faster, safely This Role May Not Be Right For You If:
You prefer purely policy-based compliance work
You don't enjoy hands-on technical problem-solving
You want a role with no stakeholder or client-facing involvement
You prefer fully established processes with little ambiguity
You're uncomfortable working across both technical and non-technical teams What You'll Be Doing
Working as Security & Compliance Engineer at Good Growth will be varied, technical and highly practical. Your role will evolve over time, but your core responsibilities will include: Building compliance automation - Creating and maintaining automated processes that support compliance monitoring, evidence collection and continuous audit readiness. Reducing manual audit preparation - Helping move us away from spreadsheets, repeated evidence gathering and reactive audit activity. Creating reusable evidence packs - Building clear, reusable documentation, controls and evidence that support client reviews, audits and certification requirements. Monitoring platform security - Identifying risks, gaps and vulnerabilities early, and working with Engineering to make sure they are understood and addressed. Embedding secure-by-design thinking - Helping ensure security requirements are considered as part of platform changes, infrastructure decisions and technology updates. Supporting
standards and regulatory requirements - Helping Good Growth maintain alignment with standards and requirements such as ISO 27001, ISO 27701, PCI DSS and GDPR. Supporting client security assurance - Helping with client security reviews, questionnaires and technical assurance processes, especially for enterprise IT and security teams. Equipping internal teams - Making sure Solutions Engineers, Client Engagement teams and others have the knowledge, evidence and language they need to explain our platform and security approach clearly. Improving tools, processes and controls - Proactively spotting better ways to work, reduce risk and make compliance more scalable. About You

We're looking for someone technically confident, pragmatic and motivated by helping a growing technology business scale securely. You don't need to have followed one perfect career path. You might come from security, compliance, platform engineering, DevOps, systems, cloud infrastructure or another technical role where security and assurance have been a big part of your work. What matters most is that you can combine technical understanding with practical ownership. Essential Skills
Experience in a technical security, compliance, platform, DevOps or systems role
Strong understanding of security and compliance frameworks such as ISO 27001, ISO 27701, PCI DSS and GDPR
Confidence working with cloud platforms, monitoring tools, access controls or technical assurance processes
Ability to automate workflows using scripting, tooling, CI/CD pipelines or infrastructure/platform monitoring
Clear communication skills, including the ability to explain technical concepts to non-technical stakeholders
Strong ownership mindset and attention to detail
Practical problem-solving ability Desirable Skills
Nice to have, but not a dealbreaker: Experience in a SaaS, scale-up, consultancy or client-facing technology environment
Experience supporting external audits or enterprise client security reviews
Background in GCP, AWS, Azure or cloud infrastructure security
Experience building compliance-as-code or automated evidence collection processes
Familiarity with vendor/security questionnaires and enterprise procurement processes If you don't tick every box, don't worry - we value attitude, ownership and potential as much as experience. Our Culture - The Three Es
At Good Growth, we look for people who bring our Three Es to life: Empathetic - You build trust with colleagues, auditors and client IT/security teams by listening carefully, communicating clearly and understanding the risks they are trying to manage. Energetic - You bring curiosity, pace and momentum to your work. You proactively look for better ways to automate, evidence and improve how we operate. Effective - You take ownership and turn standards, policies and risks into practical controls, evidence and systems that help Good Growth scale securely. Salary & Benefits

Salary: £50-60k
️ 28 days annual leave + bank holidays
Flexible and hybrid working
Learning & Development Allowance
Regular team events and socials, including our 2-day company event
Company Bonus Scheme
Work from Anywhere, up to 30 days a year
️ A hands-on role shaping how security and compliance scale at Good Growth We believe in investing in our people and enabling them to grow. Our Interview Process
We believe in a fair, transparent process that gives you a real sense of the job, team and culture. 1️⃣ Introductory Call - A relaxed conversation to learn more about you, your experience and what you're looking for. 2️⃣ Technical / Practical Interview - A scenario-based conversation focused on security, compliance, automation and how you would approach the role in practice. 3️⃣ Work Day / Team Session - Spend time with us, meet some of the team and get a feel for how Good Growth works. This will also give you the chance to understand our platform, our culture and the kind of problems you'd be helping us solve. Interviews are a two-way process, so we'll make sure there's plenty of space for you to ask questions throughout.