Bournemouth, Dorset, United Kingdom Hybrid / WFH Options
Nourish Care
You'll play a pivotal role in meeting the expectations of enterprise customers, regulators, and auditors alike - guiding the business through certifications like ISO 27001, Cyber Essentials Plus, and SOC2, while partnering with engineering and product teams to ensure security is treated as a product feature, not a compliance tick-box. Key Responsibilities Strategic Leadership Develop and … endpoint protection, IAM) Ensure alignment with cloud-native architecture and tooling (we primarily use AWS, GitHub Actions, and Terraform) Compliance & Assurance Lead ongoing readiness and evidence for ISO 27001, SOC2 Type I & II, and Cyber Essentials Plus Maintain and evolve the ISMS in line with business growth and operational maturity Maintain the security risk register, treatment plans … evolving regulation to inform strategy Drive a strong security culture across the business through storytelling, education, and leadership Key Deliverables Successful recertification of ISO 27001 and Cyber Essentials Plus SOC2 Type I and II: audit readiness, gap closure, and ongoing assurance Up-to-date ISMS documentation and live security risk register Completion of security training for
Farnborough, Hampshire, South East, United Kingdom
Gama Group Limited
to take ownership of cyber security and data privacy across myairops. This role balances strategic oversight with practical, day-to-day security operations. You'll be central to maintaining our SOC2 Type II … accreditation, managing third-party relationships, and ensuring our products and cloud infrastructure are secure, resilient, and compliant. In this role, you will have the unique opportunity to lead our SOC2 audit activities, perform risk management reviews, and drive our vulnerability management program in alignment with industry best practices. Your keen eye for detail and exceptional problem-solving skills will be … to demonstrate the attitude and aptitude to take this next career step Experience working in a software environment that is cloud native Experience of successfully achieving ISO27001 or preferably SOC2 Type 2 Strong understanding of application security, cloud infrastructure, and DevOps practices Awareness of industry frameworks, such as NCSC Cyber Assessment Framework, Cyber Essentials Plus and OWASP Experience managing
Leeds, West Yorkshire, England, United Kingdom Hybrid / WFH Options
Reed
guidance, and cyber risk oversight to financial services clients. Further details as follows: Role: Chief Information Security Officer (CISO) Day rate: Competitive OUTSIDE IR35 Time commitment: Expected time commitment – 2-3 days per week, although this could rise to 4-5 days depending on client engagement Start date: ASAP (Targeting mid-June) Location: Remote About the Role We are … will act as an outsourced Chief Information Security Officer, delivering tailored security advice, overseeing cyber risk management, and supporting clients through regulatory and audit readiness processes (e.g., ISO 27001, SOC2). You will also play a key role in shaping and expanding our security advisory services. Key Responsibilities Serve as a trusted security advisor to FCA-regulated … financial services clients. Provide strategic guidance aligned with FCA, PRA, SYSC, and GDPR requirements. Lead and support risk assessments, security posture reviews, and audit preparations (ISO 27001, SOC2). Communicate effectively with board-level stakeholders and senior leadership. Collaborate with the sales team to evolve existing services and design new offerings. Support the transition to a long
contract negotiation and general commercial legal work. You will play a key role in helping the business stay compliant with relevant laws and standards, including oversight of our SOC2 compliance processes, while also helping to drive practical legal solutions across the business. Key Responsibilities: Compliance & Risk Management Lead or support internal compliance programs, with a focus … on data privacy, corporate governance, and regulatory frameworks. Oversee SOC2 Type II maintenance and readiness efforts. Conduct internal training sessions on legal and compliance topics. Legal & Commercial Support Advise on data protection and privacy issues (e.g. GDPR, CCPA) and support implementation of related policies and procedures. Draft, review, and negotiate a wide range of commercial contracts (e.g. … incl. collaborating on matters requiring specialist support, managing costs, etc). About You: Experience & Qualifications Strong working knowledge of global data privacy laws and compliance standards (e.g. GDPR, CCPA, SOC2). Demonstrated experience reviewing and negotiating commercial agreements. Skills & Traits You enjoy data privacy, compliance and operational legal work and are happy to "roll up your sleeves
You'll help us keep Synthesia secure and audit-ready by supporting our internal and external trust operation efforts. This includes working with standards like ISO 27001, ISO 42001, SOC2 and CSA STAR, while also interfacing with customers where necessary. In short, everything that is necessary to earn and maintain customer trust in our security and privacy. … and others to keep us all aligned Getting involved in risk assessments and tracking mitigation efforts Keep us on track and aligned with various frameworks (ISO 27001, ISO 42001, SOC2, etc.) Exploring other certifications and frameworks as the business evolves We'd love to hear from you if you: Are comfortable navigating technical concepts and asking insightful … growing startup or SaaS company Have supported or participated in an external audit before Work and incorporated AI into your work habits Have experience with frameworks like ISO 27001, SOC2, or ISO 42001 Have used compliance tools like Vanta, Drata, or similar platforms Know what Okta, Wiz, and Github are Our culture At Synthesia we're passionate
risks, regulatory exposure, and investment priorities to support long-term growth. Governance & Compliance Own company-wide security governance, including data protection, access control, and insider risk. Ensure compliance with SOC2, ISO 27001, GDPR, and other relevant frameworks. Oversee security audits and third-party risk programs. Risk Management & Threat Intelligence Lead threat modelling, risk assessments, and security reviews … Deep understanding of cloud security (especially AWS), application security, and modern DevSecOps. Proven experience securing systems involving digital assets, cryptographic components, or distributed infrastructure. Strong grasp of regulatory frameworks: SOC2, ISO 27001, GDPR, NIST, etc. Background in threat modeling, incident response, and risk management. Excellent leadership, communication, and stakeholder skills. Bachelor's or advanced degree in Computer
in secure coding practices to reduce vulnerabilities proactively. Governance, Compliance & Training Ensure that application security architecture and practices comply with relevant regulatory and industry standards such as PCI-DSS, SOC2, ISO 27001, and GDPR. Lead efforts to prepare for and support external and internal audits by providing comprehensive documentation, risk assessments, and remediation evidence. Develop and deliver … identity management. Proficient in at least one programming or Scripting language such as Python, Java, JavaScript, or Go. Solid understanding of FinTech compliance requirements and standards including PCI-DSS, SOC2, GDPR, and ISO 27001. Excellent communication and collaboration skills, capable of working with diverse teams and stakeholders. Nice to Have Industry certifications such as Certified Secure Software
responses to customer security audits and assurance inquiries. Monitor regulatory changes and contribute to compliance initiatives such as DORA, NIS2, and other applicable standards and frameworks (e.g., ISO 27001, SOC2, GDPR). Assist in the development, maintenance, and improvement of internal GRC processes, policies, and documentation. Collaborate with cross-functional teams (Security, Legal, IT, Product, etc.) to … related field. Experience supporting sales processes, including responding to RFx security assessments. Solid understanding of cybersecurity principles, information security best practices, and regulatory requirements (DORA, NIS2, GDPR, ISO 27001, SOC2, etc.). Excellent written and verbal communication skills; able to translate technical concepts for non-technical audiences. Strong organizational skills with the ability to manage multiple priorities
improvement of Smarsh's ISO 27001-aligned ISMS. Oversee the control assurance programme, ensuring robust evidence collection, control testing, and continuous monitoring. Own key internal and external audit workstreams, including SOC2, ISO 27001, FedRAMP and customer audits. Cybersecurity Risk Management Drive the risk assessment lifecycle, embedding business, technical, and supply chain risk perspectives. Enhance risk methodologies and tools … reporting, and risk assessments. Proven ability to work across business, engineering, and legal teams to embed governance effectively. Familiarity with modern regulatory landscapes and frameworks such as ISO 27001, SOC2, GDPR, DORA, FedRAMP and SEC Cyber rules. Strong communication skills, with the ability to create executive-level reporting and artifacts. Experience leading client assurance programmes or third
driven decisions to enhance customer outcomes. Develop a deep understanding of Vanta's platform and its applications, advising customers on how to optimize their use of our compliance offerings (SOC2, ISO 27001, GDPR, HIPAA, USDP, Custom Frameworks), Trust Reports, and Risk Management solutions. Partner closely with your Scale CSA team to co-develop and execute plays that … inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous-not just a
Zoom, Notion, Salesforce). Conduct internal risk assessments and partner with InfoSec and Legal on compliance initiatives. Track IT system health, user experience, and cost efficiency - proactively drive improvements. Support SOC2, ISO 27001, and other audit processes through proper documentation and controls. Build a roadmap and budget to scale internal IT as Fluidstack grows. About You 7-10+ years … for onboarding, access, and support. Proficient in security and compliance concepts related to internal systems. Excellent communicator and collaborator who thrives in a fast-paced, distributed environment. Experience supporting SOC2/ISO 27001 compliance is a plus. Benefits Competitive total compensation package (salary + equity). Retirement or pension plan, in line with local norms. Health, dental
Oversee the patch management process across Windows and macOS devices, ensuring machines are secure and compliant. Track inventory and maintain accurate asset records in alignment with lifecycle policy and SOC2 controls. Create and manage user accounts for common software (e.g., Office 365, Google Workspace) and monitor license usage/costs. Experience with Active Directory for user account … independently in both on-site and remote settings. Preferred Experience Experience supporting distributed teams in a hybrid/remote-first environment. Experience working in environments preparing for or maintaining SOC2 compliance. Education & Certifications 4-year college degree in a related field, or equivalent practical experience. A+ Certification or similar (CompTIA, MTA, etc.) strongly preferred. At Tactiq, we
them to specific business outcomes on their timelines. Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Provide insightful technical answers and recommend the most efficient way for customers to … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous-not just a
and expansion opportunities within your book of business Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Guide implementation, configuration, and optimization of Vanta Trust Management Platform Provide professional advice … inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous-not just a
and assurance. Key Responsibilities: 1. Governance, Risk & Compliance (GRC) Management Develop, implement, and maintain GRC policies, frameworks, and procedures aligned with industry standards and regulatory requirements (ISO 27001, NIST, SOC2, GDPR, HIPAA, PCI DSS). Conduct workshops to gather requirements for risk assessments and security reviews, ensuring risk mitigation strategies are in place. Maintain a risk register … compliance. Collaborate with leadership to align GRC practices with business objectives. 2. Compliance & Assurance Ensure the organization meets regulatory requirements and industry best practices. Manage compliance audits (ISO 27001, SOC2, PCI DSS, GDPR, HIPAA) and coordinate with internal/external auditors. Conduct compliance monitoring and provide periodic reports on adherence to policies. Develop and implement assurance programs
cross-functional procurement team (including vendor and sourcing specialists). Vendor & Partnership Management Manage complex vendor relationships across hardware, software, cloud, security, and telecom. Oversee vendor compliance with SLA, SOC2, and other applicable frameworks. Maintain partnership requirements (e.g., Microsoft, Dell, Cisco), including certifications and revenue thresholds. Procurement Operations Oversee all procurement lifecycle activities: assessment, process, negotiation, order … Dell, Lenovo). Knowledge of MSP procurement workflows including CPQ, product bundling, licensing renewals, and hardware lifecycle management. Strong negotiation skills across software, SaaS, and hardware agreements. Familiarity with SOC2, and other relevant standards. Advanced Excel and experience with procurement platforms (e.g., ConnectWise Sell, Coupa, etc.). Preferred Experience launching Procurement as a Service or similar resale
track if this doesn't align with what you want to do. Hybrid working - our approach is to be in the office or on client site a minimum of 2 days per week. Work on a broad variety of projects and tech stacks for clients across seven sectors - no project is ever the same Join other experts within our … modeling, security testing) and determining residual risk after applying compensating security controls Experience implementing and demonstrating compliance to security frameworks such as NIST, IEC, HITRUST, HIPAA, GDPR, ISO 27001, SOC2 Type 2 and familiarity working with Quality Management Systems Experience working with teams in a structured software development lifecycle process Excellent interpersonal skills, both written and … the role. Quick call with one of our Tech Recruiters - to discuss your application, the role and PA Round 1: Either a competency or technical interview (60 mins) Round 2: Either a competency or technical interview, whichever you didn't do at first round (60 mins) Final round: Meeting with a PA leader - a mini case study and discussion
won't need experience in all of these areas, their current accreditations are as follows: ISO 9001, 27001, 27701, 27017, 22301, 14001, (phone number removed), 42001, 13485, PCI-DSS, SOC2 Type 2, CE+. The company work on a hybrid model typically involving 2-3 days a week in the office. Examples of responsibilities: Coordination of
Develop comprehensive monitoring solutions using Prometheus, Grafana, ELK stack, or similar tools to improve system reliability. Security & Compliance: Apply best practices for cloud security, IAM policies, and compliance frameworks (SOC2, ISO 27001, etc.). Incident Response & Performance Optimization: Troubleshoot issues, perform root cause analysis, and implement fixes to optimize performance. Infrastructure as Code (IaC): Utilize Terraform, Ansible, or similar tools
AWS Certified Security - Specialty). Experience with other cloud platforms (e.g., Azure, GCP). Familiarity with serverless architectures and AWS Lambda. Expertise in compliance standards such as GDPR, HIPAA, SOC2, and ISO 27001. Experience with advanced security practices such as zero-trust architecture, encryption key management, and security incident response. Why Apply? Senior/Lead role with the ability to
Subsidiaries to expand our capabilities and develop creative solutions to business challenges and opportunities to continually improve our services. Specifically, we're looking for InfoSec Analysts with at least 2 years of relevant experience to help us improve security across the Octopus Energy Group. If you're passionate about Information Security and driving a positive security culture, we encourage … t subject matter experts Experience producing or supporting the delivery of security awareness programs in different business environments Knowledge of industry and regulatory security standards, such as ISO 27001, SOC2, and GDPR A good candidate will have experience in at least some of the areas mentioned, we're not expecting any candidate to be an expert in all areas! What … will help: Security certifications (any of the famous abbreviations) Security qualifications (e.g. apprenticeships or degrees) Experience working in organisations that maintain ISO 27001 and/or SOC 1 and SOC2 type II certifications A wider understanding of technology, especially AWS (or other CSPs) A background in a technical role or technical knowledge through education or training
Access, Entra ID, and Identity Governance setups Implement Data Loss Prevention (DLP) and sensitivity labels Work with Azure Key Vault and manage encryption and certificate strategies Collaborate with our SOC and managed Sentinel provider on incident handling Compliance & Governance Help ensure compliance with ISO 27001, SOC2, GDPR, and NIS2 Support configuration and monitoring in Microsoft Compliance
Expertise in cloud architectures (Azure, AWS, or GCP), containerization (Docker/Kubernetes), and hybrid cloud models. Security & Compliance Awareness: Understanding of financial services security frameworks, data privacy regulations (GDPR, SOC2, etc.), and risk management principles. Business & Technology Alignment: Ability to translate business needs into technology solutions, balancing innovation with operational stability. Stakeholder Management: Strong collaboration skills to
interactions and market trends. What Sets You Apart: Experience designing and deploying enterprise security solutions at scale. Understanding of regulatory and compliance frameworks such as NIST, ISO 27001, and SOC2. Prior experience in a pre-sales or consulting role within cybersecurity or identity security domains. Hands-on scripting knowledge (e.g., PowerShell, Python, Bash) for automation and integration purposes. Additional