growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both
london (city of london), south east england, united kingdom
Lex Dinamica
growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both
Gerrards Cross, Buckinghamshire, United Kingdom Hybrid / WFH Options
83zero Ltd
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Middlesbrough, England, United Kingdom Hybrid / WFH Options
83zero
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years’ experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Thornaby, Yorkshire, United Kingdom Hybrid / WFH Options
83zero Ltd
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Middlesbrough, North Yorkshire, United Kingdom Hybrid / WFH Options
83zero Ltd
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Chalfont St. Peter, Buckinghamshire, United Kingdom Hybrid / WFH Options
83zero Ltd
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
york, yorkshire and the humber, united kingdom Hybrid / WFH Options
83zero
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years’ experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Cyber Security Lead Oxfordshire - Hybrid - 2 days per week (Flexible) £50k - £60k plus Benefits Our Client are an award-winning leading IT company offering complete outsourced IT solutions to organisations across the UK and Europe. Based in Oxfordshire they provide a comprehensive range of support services, software and hardware solutions to major blue-chip clients and their technicians are … Act as the strategic security escalation point for clients when risks require senior involvement. Internal MSP Security Own the MSP's internal security frameworks and certifications (e.g., CE+, ISO, SOC2). Oversee patching, vulnerability, and risk management of MSP-owned infrastructure and tools. Ensure MSP's technology stack (RMM, XDR, PSA, backup, etc.) is securely deployed and … Secure Score, M365 compliance dashboards). Drive continuous posture improvement across client environments. Team Leadership & Growth Mentor and develop Security Analysts. Ensure team certifications remain up to date (minimum 2 per year per Analyst). Lead internal knowledge-sharing sessions to keep the team and wider MSP relevant against new threats and frameworks. Champion automation (RPA/AI) in
. Knowledge of container security and cloud compliance best practices. Experience with scripting languages (e.g., Python, Bash, PowerShell). Understanding of security certifications or industry compliance (e.g., ISO 27001, SOC2) is a plus. Experience with Kubernetes or OpenShift for container orchestration. Familiarity with CI/CD pipelines and automation tools (e.g., GitHub Actions, Jenkins). Exposure to
identify and mitigate risks. Work closely with the security team to integrate best practices into new and existing features. Ensure compliance with security standards and regulations (e.g., ISO 27001, SOC2). Implement monitoring solutions to detect and respond to real-time security incidents. Troubleshoot infrastructure and security issues, performing root cause analysis in production. Mentor junior engineers
large, complex technology programmes involving multiple concurrent projects with significant experience of delivering through offshore/nearshore strategic vendors. Knowledge of security frameworks & standards (ISO 27001, NIST, CIS, GDPR, SOC2) Be experienced in 'hands on' technology software delivery from initiation to implementation. Have knowledge of programme and project management methodology and managing full lifecycle of programmes from
execution with business goals, ensuring scalability, security, reliability, and maintainability. Your contribution Key Responsibilities 1. Technical Leadership • Architect secure, high-availability systems with compliance in mind (e.g., PCI DSS, SOC2, ISO 27001). • Ensure robust encryption, audit trails, and access control mechanisms. • Guide backend design for high-volume transactional systems (e.g., ledgers, payments, identity verification). 2.
external partners to enhance incident response and cyber resilience. Candidate Requirements Experience in a cyber security risk management role. Strong understanding of cyber security frameworks and standards (ISO 27001, SOC2, NIST, GDPR). Excellent analytical, communication, and stakeholder engagement skills. Proficient in risk assessment tools and methodologies. Professional certifications such as CRISC, CISM, or CISSP are desirable. Bright Purple is
management, zero-trust security, and vulnerability management Develop secure cloud-native architectures including microservices, containers, and serverless patterns Ensure compliance with industry security and privacy standards (e.g. ISO 27001, SOC2, GDPR) Secure containerised environments, including Kubernetes and Docker Collaborate with developers to integrate secure deployment pipelines across the SDLC Support deployments in client environments, including on-prem … the role, and answer any questions you may have about us. We'll be assessing some basic skills for the role and finding out more about your background. Step 2: Meet with our team. You'll meet with key stakeholders to tell us more about your skills and experience for the role. What we offer We believe great work
Responsibilities Third-Party Risk Management: Lead and own the third-party vendor risk assessment process across a portfolio of 100-120 vendors. Review and validate vendor security documentation (e.g., SOC2, ISO 27001), evaluate control effectiveness, and coordinate remediation efforts for identified gaps. Ensure relevant business stakeholders are informed of potential risks. Governance, Risk & Compliance (GRC): Actively contribute
London, South East, England, United Kingdom Hybrid / WFH Options
InvitISE Ltd
essential Microsoft Purview, Compliance Manager and related compliance tools Entra ID (Azure AD), Conditional Access and Identity Governance Data Loss Prevention, sensitivity labels and insider risk management ISO 27001, SOC2, GDPR and NIS2 frameworks PowerShell scripting and use of Microsoft Graph API Working across cloud, infrastructure and application teams Certifications required: AZ-500 SC-100 (or working
Review and approve security designs for new services, platform upgrades, and major integrations Risk Management: Drive identification and remediation of platform-specific security risks while ensuring regulatory compliance (GDPR, SOC2, ISO27001) Team Leadership: Mentor and manage a team of security architects and engineers, fostering cross-functional collaboration Stakeholder Engagement: Present complex security insights to senior leadership and influence technology investment
and thought leadership within the Practice by defining standards, sharing knowledge, and mentoring peers Influence customer outcomes through expert knowledge of DevSecOps tools and compliance frameworks like NIST, CIS, SOC2, and PCI DSS You'll travel to client sites across the UK, working directly with business and technical stakeholders to drive real business value What you'll
London, South East, England, United Kingdom Hybrid / WFH Options
Noir
fast-moving SaaS or product-led business before. Bonus points if you've helped shape DevOps roadmaps, mentored others, or worked with cost optimisation, security, or compliance frameworks (ISO, SOC2, etc.). This is more than just another DevOps role - it's a chance to join a company at the perfect stage: profitable, scaling, tech-led, and genuinely empowering its
an infrastructure engineer to join a 6-month contract within the public sector. Inside IR35 Till 13th March 2026 Onsite aspect in Newcastle £466 per day Tech stack Minimum 2 years of professional experience in cloud security, specifically within AWS environments, demonstrating a track record of implementing and managing comprehensive security strategies. Experience leading projects with a focus on … at rest and in transit. Experience with AWS Key Management Service (KMS) and AWS Certificate Manager (ACM). Knowledge of compliance requirements that impact cloud security (e.g., GDPR, HIPAA, SOC2) and experience in implementing controls to meet these requirements. Ability to design and execute incident response strategies within the AWS cloud, including the use of AWS CloudWatch
Newcastle Upon Tyne, Tyne And Wear, United Kingdom
Ronald James Ltd
Kubernetes. Contribute to a platform that handles 200k transactions per minute and supports 1M+ active users per month. Ensure compliance with industry-leading security standards (ISO 27001, PCI-DSS, SOC2). Work in a high-availability ecosystem with Azure SQL and MongoDB for data management. What you'll be doing: Designing and implementing innovative solutions to meet
legal, regulatory, and best practice obligations. We work across the business to promote good governance, manage risk, and deliver robust internal audit and compliance programmes. With current challenges including SOC2, ISO standards, and evolving environmental commitments, you’ll be joining at a pivotal moment - playing an important part in safeguarding the business while developing your own professional … internships, or academic projects. Ideally, this experience should include working with technical information systems, IT compliance, or IT audit. Exposure to regulatory frameworks, information security standards (such as ISO27001, SOC2, or GDPR), or technology-driven controls is highly desirable. This experience will provide a foundational understanding of regulatory frameworks, internal controls, and governance processes, enabling you to quickly contribute to … Lead investigations as required, performing root cause analysis to resolve issues and prevent recurrence. Provide evidence for the above activities both internally and externally to compliance standards such as SOC2, GDPR, BACS, ISO9001 & ISO27001. Benefits to support you personally and professionally Alongside the opportunity to work with an incredible team and express your individuality, we offer a range of personalised