Compliance Platform Engineer

Basel

Phoeniqs Technologies | Powering Sovereign Cloud Infrastructure

At Phoeniqs Technologies, we engineer the infrastructure that powers secure, compliant, enterprise‑grade digital ecosystems.

 

Job Description 

Position Summary: 

Phoeniqs is seeking a highly skilled Compliance Platform Engineer with a strong GRC (Governance, Risk, and Compliance) focus to join the Engineering organization. 

This role is responsible for ensuring that regulatory requirements and certification frameworks are translated into concrete technical capabilities embedded within our platform, systems, and engineering processes. The focus is on building solutions that are secure, compliant by design, automated, and continuously verifiable, rather than relying on documentation alone. 

The ideal candidate combines hands-on engineering expertise with a deep understanding of European and Swiss regulatory frameworks, and is capable of turning these into scalable, enforceable, and auditable technical implementations. The role contributes directly to certifications and future audits, ensuring that compliance is a natural outcome of how the platform operates. 

 

Key Responsibilities 

Regulatory & Certification Translation (Core Focus): 

  • Interpret and operationalize requirements from:
      • GDPR and Swiss Federal Act on Data Protection (revDSG)
      • EU AI Act, with focus on technical and operational implications
      • ISO 27001 / 27017 / 27018
      • SOC / ISAE frameworks
      • FINMA expectations and outsourcing guidance
      • German Digital Services Act (DSA)
      • Spanish Esquema Nacional de Seguridad (ENS)
  • Translate these requirements into:
      • Technical controls and enforceable system configurations
      • Architecture patterns and engineering standards
      • Platform-level security and compliance capabilities
  • Maintain mappings between regulations, certifications, and implemented controls

Compliance as a Platform Capability: 

  • Design and implement compliance controls as part of the platform itself, not as external or manual processes 
  • Ensure controls are:
      • Technically enforced and measurable
      • Automated wherever possible
      • Continuously validated and testable
  • Embed compliance into:
      • System architecture
      • Platform services and components
      • Development and deployment workflows
  • Drive adoption of:
      • Policy-as-Code and Infrastructure-as-Code
      • Automated control validation and monitoring
      • Logging, traceability, and evidence generation mechanisms

Certification & Audit Readiness (Implementation-Focused): 

  • Lead the technical readiness for certifications and audit processes 
  • Ensure that systems inherently produce reliable, consistent, and auditable evidence 
  • Support certification and audit activities by demonstrating real technical control implementation 
  • Identify and remediate gaps between:
      • Defined requirements
      • Actual system behavior

Risk & Control Effectiveness: 

  • Perform technical risk assessments across systems, services, and data flows 
  • Implement practical and proportionate mitigation strategies aligned with regulatory expectations 
  • Evaluate control effectiveness in real environments 
  • Continuously improve control design based on evolving threats and regulatory changes 

Cross-functional Enablement: 

  • Collaborate across the organization to:  
  • Align engineering practices with compliance and certification goals 
  • Support ongoing and future certification initiatives 
  • Provide practical guidance on implementing compliant systems 
  • Contribute to customer-facing compliance needs (e.g., assurance materials, technical explanations of controls) 

Continuous Improvement & Compliance Engineering: 

  • Evolve the organization’s approach to compliance-by-design and compliance-by-default 
  • Reduce reliance on manual processes through:
      • Automation
      • Standardization of controls
      • Reusable platform capabilities
  • Contribute to building compliance as a scalable engineering discipline embedded into the platform 

Qualifications: 

  • Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or related field 
  • 5+ years of experience in security engineering, GRC engineering, or technical compliance roles
  • Strong understanding of (some):
      • ISO 27001 and related frameworks
      • GDPR and Swiss data protection regulations
      • EU AI Act (or strong willingness to specialize in it)
      • ENS (Esquema Nacional de Seguridad)
  • Proven ability to translate regulatory and certification requirements into real technical implementations
  • Solid experience in:
      • System and infrastructure security
      • Control implementation and validation
      • Modern engineering environments
  • Strong hands-on mindset with a focus on:
      • Implementation
      • Automation
      • Measurable outcomes (not only documentation)
  • Ability to collaborate across technical and non-technical domains 
