1 to 25 of 40 Permanent SOC 2 Jobs in London

supporting compliance programs, and promoting secure practices across engineering and business teams. You'll play a key role in ensuring our systems and processes align with ISO 27001 and SOC 2 requirements, contributing to risk assessments, and supporting incident response activities. Working closely with product and engineering teams, you'll help embed security into the design of our … shaping how we scale IT and security together. What you'll do: Governance & Compliance Own and evolve Definely's Information Security Management System (ISMS). Lead ISO 27001 and SOC 2 Type II audits, ensuring controls remain effective. Manage customer due diligence requests and run Definely's SafeBase-powered Trust Center; streamline customer security questionnaires, DPAs, and RFP … stakeholders. What you'll bring: Hands-on experience in information security, ideally within a SaaS or product-led environment. Proven success leading or supporting ISO 27001 and/or SOC 2 Type I/II compliance programs. Deep understanding of secure SDLC practices, including threat modelling and design reviews for security impact. Experience securing AI/LLM features More ❯

on security, data privacy, compliance, and regulatory matters. You will play a key role in helping the business stay compliant with relevant laws and standards, including oversight of our SOC 2 compliance processes, while also helping to drive practical compliance solutions across the business. A background in Security Engineering is a big plus as it would enable you … Compliance (GRC) Lead or support internal compliance programs, with a focus on data privacy, corporate governance, and regulatory frameworks Manage the organization's compliance with frameworks and regulations (oversee SOC 2 Type II maintenance and readiness efforts) Conduct risk assessments and maintain the enterprise risk register Ensure third-party vendor risk management processes are in place Awareness & Training … report status to executive leadership Ensure timely remediation of audit findings About You: Experience & Qualifications Strong working knowledge of global data privacy laws and compliance standards (e.g. GDPR, CCPA, SOC 2) Strong knowledge of security standards, controls, and best practices (NIST, CIS, OWASP) Familiarity with cloud security (AWS, Azure, GCP) Experience with audit management, GRC tools, and security More ❯

risks, regulatory exposure, and investment priorities to support long-term growth. Governance & Compliance Own company-wide security governance, including data protection, access control, and insider risk. Ensure compliance with SOC 2, ISO 27001, GDPR, and other relevant frameworks. Oversee security audits and third-party risk programs. Risk Management & Threat Intelligence Lead threat modelling, risk assessments, and security reviews … Deep understanding of cloud security (especially AWS), application security, and modern DevSecOps. Proven experience securing systems involving digital assets, cryptographic components, or distributed infrastructure. Strong grasp of regulatory frameworks: SOC 2, ISO 27001, GDPR, NIST, etc. Background in threat modeling, incident response, and risk management. Excellent leadership, communication, and stakeholder skills. Bachelor's or advanced degree in Computer More ❯

growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC 2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC 2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both More ❯

growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC 2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC 2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both More ❯

growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC 2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC 2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both More ❯

growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC 2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC 2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both More ❯

them to specific business outcomes on their timelines. Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC 2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Provide insightful technical answers and recommend the most efficient way for customers to … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous-not just a More ❯

and expansion opportunities within your book of business Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC 2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Guide implementation, configuration, and optimization of Vanta Trust Management Platform Provide professional advice … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous-not just a More ❯

development of effective security measures. Support the development, implementation, and continuous improvement of the organization's security strategy, policies, and procedures. Support the maintenance of our ISO 27001 and SOC 2 Level 2 certifications. What you'll bring Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field. Master's degree or relevant certifications … you? Competitive salary and uncapped commission. 26 days of annual leave and Bank Holidays Top-notch Private Healthcare and Health Cash Plan Hybrid working model Initial home office budget 2-month work abroad policy Great training and yearly learning budget Employer pension scheme Enhanced maternity pay Social activities and team outings Referral bonus Employee Assistance Program Great hardware and More ❯

Access, Entra ID, and Identity Governance setups Implement Data Loss Prevention (DLP) and sensitivity labels Work with Azure Key Vault and manage encryption and certificate strategies Collaborate with our SOC and managed Sentinel provider on incident handling Compliance & Governance Help ensure compliance with ISO 27001, SOC 2, GDPR, and NIS2 Support configuration and monitoring in Microsoft Compliance More ❯

Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC 2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Operationalize policy enforcement through automated More ❯

Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC 2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Implement automated compliance controls and … to your base salary, your total compensation will include a bonus of up to 30% and a generous retirement contribution that starts at 5% and moves to 10% after 2 years. All of our plans provide best in class coverage: Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children Low $10 (USD) copays for trips to More ❯

technologies like Docker and Kubernetes Knowledge of security best practices for cloud environments (AWS, Azure, GCP) Understanding of security frameworks and compliance standards such as NIST CSF, ISO 27001, SOC 2 Excellent communication and collaboration skills, with the ability to work effectively in a fast-paced, agile environment Strong problem-solving skills and a passion for continuous improvement More ❯

self-service deployment capabilities. Improve developer productivity by standardizing environments and streamlining workflows. Security & Compliance Partner closely with the ISO and Security teams to maintain compliance with ISO 27001, SOC 2, and GDPR. Implement identity and access management, secrets management, and network security best practices. Drive a security-first culture across platform and product teams. Mentorship & Leadership Act More ❯

tools (EDR, vulnerability scanners, SCA, etc.) Own and manage internal authentication (SSO, MFA, identity lifecycle) Secure endpoints, laptops, and internal systems Lead security awareness and employee training programs Drive SOC 1/2 and other compliance frameworks Build internal security policies, playbooks, and operational processes Manage relationships with vendors, auditors, and pentesters We're Looking For Someone Who … or similar certification Strong knowledge of cloud security, secure software development, and common vulnerabilities Proven experience securing production environments and CI/CD systems Familiarity with security compliance frameworks (SOC 2, ISO 27001) Experience deploying and operationalising security tools Excellent communication skills and the ability to collaborate across teams A pragmatic, system-oriented mindset that balances risk and More ❯

ensuringglobal network performance optimization. Implementnetwork observability and predictive analyticstoproactively prevent outages. Security, Compliance & Risk Management: Drivezero-trust security frameworks, ensuringsecure and resilient network access. Ensure adherence toISO 27001, NIST, SOC 2, GDPR, and industry best practices. Collaborate withcybersecurity teamsto enhancenetwork threat detection and mitigation. Implementautomated security policy enforcement, reducing human intervention in risk mitigation. Financial & Vendor Management: Optimizenetwork More ❯

. Experience designing for security, reliability, and scalability in hybrid and cloud environments. In particular IAM policies, network segmentation, AWS Security Policies and understanding of implications of compliance frameworks (SOC2, GDPR, FedRAMP) Excellent communication skills-able to document and articulate complex technical topics to both technical and non-technical stakeholders. Qualifications: Bachelor's or Master's degree in Computer Science More ❯

will include maintaining and improving our security posture in tandem with GRC practices and policies as they evolve to align with current and future standards and frameworks, such as SOC 2, ISO 27001, as well as applicable legislation, including GDPR and UK DPA, working closely with our Legal and Privacy as well as the wider Technology team. Internally … solution design, e.g. Zero Trust, least privilege RBAC, Security by Design, PAM, Segregation of Duties Data Protection and DLP Experience Experience with the following would also be beneficial: NIST, SOC2 and additional compliance and regulatory frameworks Project Management and technical delivery Experience of, or a keen interest in, the business of sport Benefits We offer a benefits package to suit More ❯

negotiation, including our own standard terms and customer negotiations; Handle company secretarial work; Work with the R&D team to project manage us through our various infosec certifications, including SOC 1 and SOC 2; Research and provide Legal advice as needed, whether it's managing our equity schemes, employment matters, or data protection requirements. Help run visa More ❯

Responsibilities Third-Party Risk Management: Lead and own the third-party vendor risk assessment process across a portfolio of 100-120 vendors. Review and validate vendor security documentation (e.g., SOC 2, ISO 27001), evaluate control effectiveness, and coordinate remediation efforts for identified gaps. Ensure relevant business stakeholders are informed of potential risks. Governance, Risk & Compliance (GRC): Actively contribute More ❯

essential Microsoft Purview, Compliance Manager and related compliance tools Entra ID (Azure AD), Conditional Access and Identity Governance Data Loss Prevention, sensitivity labels and insider risk management ISO 27001, SOC 2, GDPR and NIS2 frameworks PowerShell scripting and use of Microsoft Graph API Working across cloud, infrastructure and application teams Certifications required: AZ-500 SC-100 (or working More ❯

Review and approve security designs for new services, platform upgrades, and major integrations Risk Management : Drive identification and remediation of platform-specific security risks while ensuring regulatory compliance (GDPR, SOC2, ISO27001) Team Leadership : Mentor and manage a team of security architects and engineers, fostering cross-functional collaboration Stakeholder Engagement : Present complex security insights to senior leadership and influence technology investment More ❯

innovation and continuous improvement in client workflows, leveraging Tungsten Automation's cutting-edge technologies Security & Compliance Enterprise Security : Maintain a strong grasp of enterprise security practices (IAM, data encryption, SOC2, GDPR, HIPAA) when integrating AI into regulated industries What You Bring Educational Foundation Bachelor's degree in Computer Science, Information Systems, or a related technical field required Advanced degree preferred More ❯

by having Networking skills: Knowing your BGP from your VPC Solid security understanding: Help us engineer the secure-by-default infrastructure and deployment pipelines Familiarity with regulated workflows: ISO27001, SOC2, GDPR aren't just abbreviations, and don't fill you with dread Observability skills: Well familiar with Open Telemetry, Prometheus, Loki and Grafana CI/CD pipeline skills: You know More ❯