Junior Security Engineer – GRC – Job Description
Location: Knutsford, UK
Department: Security
Reports to: CISO
Must have full right to work
Strictly no agencies
Office based/Hybrid
Position Overview:
The Junior Security Engineer - GRC is an operational role responsible for supporting the day-to-day security compliance and assurance activities of Custodia. The role focuses on supporting the operation of the Information Security Management System (ISMS), maintaining compliance evidence, and helping demonstrate that security controls are operating effectively in line with ISO/IEC 27001 and SOC 2 Type II requirements.
The role works closely with all teams in the organisation to support audit readiness, tracks remediation activity, and helps translate technical security operations into auditable and repeatable compliance outcomes. It also contributes to educating users, reinforcing security best practices and building hands-on compliance capability within the organisation.
Key Responsibilities:
1. Audit Readiness and Ongoing Monitoring
· Support the execution of the organisation's security and compliance strategy by ensuring security controls are documented, evidenced, and operating as intended.
· Assist with identifying, tracking, and escalating compliance-related risks, control gaps, and exceptions.
· Support the maintenance of security policies, standards, and procedures, ensuring alignment between documented controls and operational practice.
· Collect, validate, and maintain compliance metrics and audit evidence to support ISO 27001 and SOC 2 reporting.
· Contribute to regular compliance status updates, risk register updates, and remediation tracking for senior security leadership.
· Work with security engineering, IT, and engineering teams to ensure technical security controls meet documented compliance requirements.
· Support audit readiness by helping ensure reporting, evidence, and control status remain current and accurate.
2. Security Operations (BAU)
· Perform day-to-day (BAU) security operations, including:
o Monitoring security alerts and incidents (via SOC and Sentinel)
o Supporting access reviews and entitlement checks
o Assisting with patching validation and remediation tracking
o Maintaining security logs and evidence
· Support the implementation and operation of security controls such as endpoint protection, identity controls, logging, and monitoring solutions.
· Assist with incident response activities by:
o Investigating alerts
o Collecting evidence
o Escalating incidents in line with defined runbooks and procedures
· Support the ongoing improvement of centralised monitoring and detection capabilities, including alert tuning and use-case validation.
· Assist with Privileged Access Management (PAM) and Privileged Identity Management (PIM) activities, including monitoring and exception tracking.
· Maintain awareness of emerging threats and vulnerabilities and raise findings with senior security team members.
· Support delivery of security awareness activities and reinforce security best practices across the organisation.
3. Collaboration and Stakeholder Management
· Collaborate with cross-functional teams, including Risk & compliance, IT, legal, human resources, and operations, to ensure security and compliance requirements are met.
· Engage with industry groups to maintain awareness of best practices and emerging trends.
· Provide guidance and recommendations to management and employees on security-related matters.
· Foster a culture of security awareness and accountability throughout the organisation.
Qualifications & Experience
· Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field (or equivalent practical experience).
· 0–3 years' experience in a security, IT, SOC, or technical operations role.
· Foundational understanding of:
o Cloud security concepts (preferably Microsoft Azure)
o Identity and access management principles
o Logging, monitoring, and alerting
· Exposure to security standards or frameworks such as ISO 27001, NIST, or CIS Controls is desirable but not essential.
· Familiarity with security tooling such as Microsoft Sentinel, Defender, or similar SIEM / EDR platforms is advantageous.
· Willingness to learn incident response processes and security operations best practices.
Certifications
· BCS Certificate in Information Security Management Principles (CISMP)
· ISO/IEC 27001 Foundation or Awareness (desirable)
· Microsoft AZ-900 - Azure Fundamentals
· Microsoft SC-200 - Security Operations Analyst
Soft Skills and Leadership
· Leadership, communication, and stakeholder engagement skills across technical and non-technical teams
· Ability to influence and educate teams on security awareness and compliance best practices
· Comfortable working in high-trust, regulated environments with executive-level visibility
· Highly organised, analytical, and proactive in identifying and mitigating risks