About the Role: We are seeking an experienced SOC2/IT GRC Specialist Contractor to support and guide our SOC2 Type II accreditation program. This is a critical role in a fast-moving, regulated environment, requiring hands-on experience with SOC2 … our Information Security, Engineering, IT, QA, and Compliance teams, the successful candidate will assess current controls, implement necessary enhancements, and lead the organization through SOC2 readiness and audit. Key Responsibilities: Lead and execute SOC2 Type II readiness activities from planning through audit support. Perform … a gap analysis against SOC2 Trust Services Criteria (Security, Availability, Confidentiality). Collaborate with control owners to define, implement, and document controls in alignment with SOC2 and GxP expectations. Author, review, and enhance IT and security policies, SOPs, and governance documentation. Support GxP-aligned
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
Duel
Engineer to join our growing engineering team. As a company, we are ISO 27001-certified and need to maintain this certification while preparing for SOC2 compliance. Security responsibilities currently sit across different teams, but as compliance requirements increase, a dedicated security engineer is needed to support ongoing … improve Duel's overall security posture. The focus of this role is to help maintain our compliance responsibilities through Secureframe, support ISO 27001 and SOC2 audits, manage security vulnerabilities, and work within engineering to introduce security best practices into development, infrastructure, and operations. We're Looking for … Assist in managing ISO 27001 renewals by maintaining compliance documentation and ensuring key security practices are followed. Help support the company's transition towards SOC2 certification by tracking requirements and implementing necessary security measures. Work within Secureframe to maintain compliance records, ensuring a structured and organised approach
and preparing for audits while also providing consultation on PCI requirements to Engineering, SecOps, and Architecture teams. Additionally, the role will support ISO 27001, SOC2 Type 2, and other certification audits, assist with security assurance activities such as design reviews and client security questions, and collaborate … of improvement. Stay up to date with PCI DSS standard updates and ensure timely adaptation of new requirements. Manage and support ISO 27001 and SOC2 Type 2 certification processes, ensuring evidence gathering, control validation, and audit preparation. Assist in responding to client security questionnaires and third … understanding of PCI DSS requirements, controls, and assessment processes. Hands-on experience with security controls, cloud environments, and security architecture. Experience with ISO 27001, SOC2 Type 2, or other security frameworks. Proven ability to work effectively with senior leadership, auditors, external partners, and cross-functional teams.
streamline transactions and enhance customer relationships. As they continue their growth, they are engaging with larger customers who are wary of security, particularly around SOC2 and data protection. As a result, they are looking for a highly skilled and experienced Information Security Analyst/Manager to help … lead them through an end-to-end SOC2 implementation. You will need to define the SOC2 compliance, identifying necessary controls and collaborating with engineers and admins to implement and control effectively. Required Experience: Experience implementing SOC2 at Scale. (Must-Have) Background
london, south east england, united kingdom Hybrid / WFH Options
Ownera
product roadmap priorities based on client feedback. Respond to technical sections of RFPs, RFIs, and security questionnaires, ensuring alignment with regulatory standards (e.g., ISO27001, SOC2, GDPR). Act as a trusted advisor to clients and internal teams, bridging the gap between commercial goals and technical feasibility. Stay … managers, or exchanges. Proven experience supporting long sales cycles and navigating enterprise procurement processes. Familiarity with industry standards and frameworks such as ISO 27001, SOC2, MiFID II, GDPR, or cloud governance in regulated industries. Skills & Competencies: Excellent communication and presentation skills, with the ability to simplify complex
with security teams to ensure that the platform complies with industry regulations and standards, including data protection, privacy, and security best practices (e.g., GDPR, SOC2, etc.). Cost Management: Optimize platform operations and infrastructure for cost-efficiency, particularly in cloud environments. Implement monitoring and alerting to keep … implementing SLAs, SLOs, and SLIs is a plus. Security & Compliance: In-depth understanding of platform security, data privacy, and regulatory compliance requirements (e.g., GDPR, SOC2, PCI-DSS). Cost Optimization: Experience managing infrastructure costs, optimizing cloud usage, and driving operational efficiencies. Problem-Solving: Proven ability to analyse
security strategy, policies, and procedures, aligning them with business objectives and risk tolerance. Oversee the maintenance and expansion of existing security certifications (ISO 27001, SOC2) and drive initiatives for future certifications (e.g., ISO 22301, DORA). Direct regular security audits, risk assessments, and vulnerability analyses, ensuring that … and IT-regulations that apply to financial institutions or its outsourcing partners. In-depth knowledge of relevant regulatory requirements and industry standards (ISO 27001, SOC2, GDPR, DORA, etc.). Experience with cloud security (AWS, Google etc.), application security, and DevSecOps practices is a significant plus. Proven experience
/CD pipelines. Lead the deployment of zero-trust architectures, security automation, and monitoring solutions. Support security incident detection, investigation, and response alongside the SOC and Red Team. Threat & Vulnerability Management: Perform regular security assessments, vulnerability scans, and penetration tests, prioritizing remediation efforts. Develop automated remediation for common security … fine-tuning detections and response playbooks. Risk & Compliance Support: Work with GRC and compliance teams to implement security controls aligned with ISO 27001, NIST, SOC2, and GDPR. Support security reviews for third-party vendors, M&A due diligence, and cloud risk assessments. Ensure compliance with regulatory frameworks … Familiarity with scripting (Python, PowerShell) and infrastructure-as-code (Terraform, Ansible). Deep understanding of vulnerability management, penetration testing, and security hardening. Knowledge of SOC processes, incident response, and forensics. Strong grasp of zero-trust architectures, identity security, and secure DevOps practices. Ability to work cross-functionally with IT
to ensure encryption, access controls, and data localization measures are in place. Support and coordinate audits, risk assessments, and certifications (e.g. ISO 27001, FedRAMP, SOC2, NIST, SecNumCloud, etc.). Build strategic relationships with local infrastructure providers, technology partners, and regulators. Evangelize Red Hat's sovereignty strategy and … Strong analytical, problem-solving, and decision-making skills. Excellent communication and stakeholder management abilities. Experience with security certifications/standards (e.g. ISO 27001, FedRAMP, SOC2, NIST, SecNumCloud, etc.). Experience or knowledge of US EAR/ITAR, EU/UK Dual Use Regulations, or similar laws. Knowledge
Risk Analyst - Nottingham City. Contract type: Permanent. Hours: Full-time, 35 hours. Location: Head Office, Nottingham (Hybrid working, minimum 2 days per week). Application process: Please apply via the application button which will direct you to our careers site. If you require any adjustments to assist you in applying, please contact … to identify vulnerabilities, focusing on protecting customer data and financial systems. Regulatory Compliance: Ensure compliance with regulations and standards like GDPR, ISO 27001, CQuest, SOC2, and FCA and PRA guidelines. Effectiveness Monitoring: Monitor and assess the effectiveness of security controls, policies, and procedures. Audit Support: Support audits … and track security incidents and breaches, ensuring appropriate mitigation and response strategies. About you: Information Security Frameworks: Familiarity with frameworks such as NIST, ISO 27001, SOC2, and GDPR. Financial Sector Requirements: Knowledge of specific information security needs for financial institutions and building societies. Security Controls and Risk Management
the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance (e.g. ISO/IEC 27001 and SOC2 certification). What you'll be doing: Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program. … of risk management, information security and IT jobs. Knowledge of common regulatory and information security management frameworks, such as ISO/IEC 27001, NIST, SOC2 and GDPR. Excellent written and verbal communication skills and high level of personal integrity. Innovative thinking and leadership with an ability to
london, south east england, united kingdom Hybrid / WFH Options
Maxwell Bond
Lead the development and execution of the overall security strategy. Own and manage risk across infrastructure, applications, and data. Drive compliance efforts (ISO 27001, SOC2, etc.) and support audit readiness. Build security awareness across the company, including training and best practices. Work closely with engineering to embed … scaling business. Hands-on knowledge of cloud (AWS, GCP or Azure), application security, and security tooling. Familiarity with compliance frameworks such as ISO 27001, SOC2, and GDPR. Excellent communication skills with the ability to influence both technical and non-technical stakeholders. A strategic mindset, but comfortable working
SENIOR SOC ANALYST. Up to £80,000/Bonus + Excellent Staff Benefits. Strong Career Growth Opportunities. 2 Days Onsite/3 Days Remote. No Shift Work (Normal 09:00-17:30pm) Working Hours. An interesting opportunity has presented itself within one of the UK's largest Independent Software … Tools & Onboard New Functionality. You will also work with colleagues in the Governance & Compliance Functions to ensure appropriate usage of Data. As a Senior SOC Analyst you will use Leading, Enterprise-Led Tools & take Responsibility for Tuning & Maintaining Security Platforms to Deliver the Best Capability to other Information Security … Strong Verbal & Written Communication Skills. Leadership, Coaching & Mentoring Skills. Strong Team Player. Ideally Familiarity with Industry Standard Security Frameworks such as ISO 27001 or SOC2. Understanding of Common Network Protocols & Technologies such as TCP/IP, DNS & DHCP. Searches: SOC Analyst/Lead SOC Analyst/Principle SOC
role will sit within an Attestations & Assurance team, focused on: Facilitating external client audits. Supporting the delivery of ISAE 3000 assurance reports (similar to SOC2). Enhancing operational resilience evidence across services. Skills & Experience Required: Hands-on experience with ISAE 3000 and/or SOC2
cyber security posture and culture since day zero, maintained by several existing teams. This is demonstrated in numerous ways, including watchTowr's ISO27001 and SOC2 Type 2 certifications. As watchTowr enters another phase of significant growth, dedicated capability and leadership is required to now focus on … controls across numerous business areas, including application, infra, cloud, and data security. You will maintain watchTowr's alignment to numerous industry standards, including ISO27001 and SOC2 Type 2, while going steps further where relevant due to watchTowr's unique threat model. You will oversee security monitoring, threat analysis, threat
Security Engineer to strengthen our security posture by identifying vulnerabilities, integrating best practices into CI/CD pipelines, and ensuring compliance with PCI DSS, SOC2, GDPR, and CCPA. You'll work closely with development teams to embed security into the Software Development Lifecycle (SDLC) from the … in cloud security (Azure preferred) and securing cloud-native applications. Familiarity with CI/CD security integration. Understanding of compliance and regulatory frameworks (SOC2, GDPR, PCI DSS). Preferred Skills: Experience with container security and Kubernetes. Knowledge of infrastructure security and security monitoring. Familiarity with
design, build and maintain solutions in collaboration with our System Architects and Systems Security Officer, ensuring we adhere to our existing ISO 27001 and SOC2 Type 2 obligations. In performing this role your core duties and responsibilities will include, but will not be limited to: Line
Dundee, Angus, United Kingdom Hybrid / WFH Options
Ivanti
Administration. Linux Administration. Software engineering disciplines. Proficiency developing for serverless frameworks such as Azure Functions or AWS Lambda. Experience with compliance frameworks such as SOC2 Type 2, ISO-27001, FedRAMP, or IRAP and privacy regulations such as GDPR and PIPEDA. Roadmap for Success: 90 Days: Onboarding
relevant experience in the DevOps/Platforms area, in a complex organizational set-up with multiple stakeholders. Experience with Information Technology solution certification requirements: SOC2, ISO 27001. Successful adaptation of legacy products to work in Azure Cloud and GIT with full migration. Working Knowledge with languages like Java, Python and
and oral communication skills, and ability to assimilate easily into teams. Strong technical skills and a working knowledge of SOX IT General Controls, COSO, SOC 1, and SOC2. Awareness of ISO 27001, NIST standards, HIPAA, FAIR, and other relevant standards. Effective analytical and critical thinking abilities
Azure, Google Cloud). Experience with Oracle, Postgres, and NoSQL databases. Experience with CI/CD pipelines, containerized deployments. Familiarity with compliance frameworks (e.g. SOC2, ISO 27001). Familiarity with regulatory frameworks (e.g. GDPR, HIPAA). Ability to guide senior engineers on modern architecture principles and best practices. Excellent written
and oral communication skills, and ability to assimilate easily into teams; Strong technical skills and a working knowledge of SOX IT General Controls, COSO, SOC 1, and SOC2; Awareness of ISO 27001, NIST standards, HIPAA, FAIR, and other relevant standards; Effective analytical and critical thinking abilities