EnergySys
Compliance Officer

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Location - UK remote - fully remote
Hours - 37.5 hours
Salary - £45,000 per annum
About EnergySys
EnergySys is a platform used by software builders and consultants who serve oil and gas companies. Our partners build applications on top of us, and those applications run some of the most critical data and reporting workflows in the energy sector.
We've been around for over 20 years, which means we're not a startup bet. We're an established business with a real product, real customers, and a PE-backed growth target.
Our Culture:
EnergySys is shifting towards a high-performing, high-trust environment based on freedom and responsibility. That means we expect our people to take ownership, use their judgement, and care deeply about their impact. In return, we give them the space and trust to do the job the way they believe is best. This role is perfect for someone who wants to lead and build, not just follow a playbook.
Why This Role Exists:
As the business scales, the need for structured governance, process integrity, and accountability across day-to-day operations has become a strategic priority.
This role exists to own that accountability. The postholder will serve as the operational backbone of the company - ensuring that internal processes are documented, consistently applied, and aligned with applicable regulatory requirements. Working closely with the CEO and leadership team, they will maintain clear ownership of cross-functional projects, people-related processes, and compliance-sensitive workflows, ensuring that nothing falls through the gaps as the business grows.
What You’ll Be Responsible For:
Audit & Certification
- You'll own the ongoing SOC 2 Type II and ISO 27001:2022 audit lifecycle for an already-certified organisation: surveillance and recertification audit planning, evidence readiness, auditor liaison, and remediation tracking.
- You'll maintain the ISMS (including the Statement of Applicability), ensure continuous audit readiness, and handle customer security assessments and certification enquiries as they arise.
Drata
- Primary administrator. You'll own framework configuration and control mapping (largely built, with ongoing refinement as frameworks evolve), and maintain integration health across AWS, Microsoft Entra ID, Intune, GitHub, Rippling, and connected systems.
- Automated evidence collection sits with individual control owners; you monitor for gaps or failures and escalate to keep owners accountable. Drata is the system of record, working alongside the ISMS manual as a maintained backup; you keep both consistent.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Governance & Risk
- Chair the Governance, Risk and Compliance Committee, owning the agenda and policy review cycle.
- Maintain the company risk register in Drata, and produce clear, concise reporting for leadership and the board on audit status, risk exposure, and control effectiveness.
Policy & Documentation
- Own the policy register in Drata, ensuring policies stay current and accurate.
- Update existing policies as needed in response to regulatory changes, certification requirements, or operational changes, working within the review cycle set by the Governance and Compliance Committee.
- Monitor regulatory and certification developments to advise leadership on required updates.
Vendor & Third-Party Risk
- Conduct and support structured vendor risk assessments in Drata alongside vendor owners, who are responsible for periodic reviews of their assigned vendors.
- Review SOC 2 reports, ISO certificates, and DPAs, maintain the vendor register, and ensure periodic reviews are completed on schedule, escalating where owners fall behind.
- Oversee third-party due diligence and contract compliance requirements.
Infrastructure & Evidence
- Navigate AWS, Microsoft Entra ID, Intune, and GitHub to pull evidence with little to no developer assistance.
- Use AI tools actively to accelerate evidence gathering, policy drafting, and control assessments.
- Support access management and joiner/mover/leaver processes from a governance perspective.
Training, Culture & Regulatory
- Administer cybersecurity awareness training via Rippling LMS and track completion against framework requirements.
- Support compliance across EnergySys's three legal entities (UK, Australia, US), including GDPR and relevant data protection obligations.
- Embed a culture where compliance is practical, proportionate, and understood across the organisation.
What We're Looking For:
Essential
- Hands-on SOC 2 and/or ISO 27001 experience: evidence management, direct auditor engagement
- GRC platform experience (Drata, Vanta, or similar)
- Cloud literacy: comfortable navigating AWS and Microsoft Entra ID, or actively willing to learn
- Strong written communication: policies, risk registers, committee papers & minutes
- Self-directed and ownership-minded, able to run a compliance programme independently
- AI-native: you use LLMs and AI tools as genuine productivity accelerators


Get help with your application
Your very own career expert that helps elevate your application to the next level.
In Short:
We need someone who maintains, operates, and owns; not someone who reports findings to others. You will be the sole compliance resource, working closely with the Head of Operations and engineering leadership. EnergySys is lean and fast-moving; pragmatism and proportionality are valued over process for process's sake. Drata is your tool, but the thinking, the judgement, and the ownership are yours.
What We Offer Here @ EnergySys
- 🏖️ Unlimited holiday — flexibility to take the time you need; we trust you to manage your time and deliver
- 🏥 Private medical insurance
- 💰 EnergySys matches your contributions up to 8% of salary
- 👶 Enhanced parental leave — 3 months full pay maternity, 4 weeks full pay paternity
- 📜 ISO 27001 Lead Implementer certification funded
- 🤝 Direct access to senior leadership — you will work closely with the Head of Operations and CEO with genuine influence
- 🚀 Real ownership — the compliance programme is yours to run; we have the foundations and the tools in place, but we need someone who takes initiative, sets the direction, and moves without waiting to be told
How to Apply
Please send your CV alongside a brief cover note, no more than one page, addressing the following two questions:
- Describe a time you owned and improved an existing compliance programme rather than building one from scratch. What did you change, what resistance did you encounter, and how did you bring people with you?
- Walk us through how you've used a GRC platform (Drata, Vanta, or similar) to maintain audit readiness between certification cycles, including a time something slipped (a control owner missed evidence, an integration broke, a review lapsed) and how you caught and resolved it.
We will read your CV for the technical baseline. The cover note is how we understand how you think and how you work with people. Keep it concise, quality over length. Applications without a cover note will not be progressed.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location