SOC 2 Jobs in the UK

1 to 25 of 82 SOC 2 Jobs in the UK

Information Security & Compliance Manager

London, United Kingdom
Ravio Technologies Ltd
on security, data privacy, compliance, and regulatory matters. You will play a key role in helping the business stay compliant with relevant laws and standards, including oversight of our SOC 2 compliance processes, while also helping to drive practical compliance solutions across the business. A background in Security Engineering is a big plus as it would enable you … Compliance (GRC) Lead or support internal compliance programs, with a focus on data privacy, corporate governance, and regulatory frameworks Manage the organization's compliance with frameworks and regulations (oversee SOC 2 Type II maintenance and readiness efforts) Conduct risk assessments and maintain the enterprise risk register Ensure third-party vendor risk management processes are in place Awareness & Training … report status to executive leadership Ensure timely remediation of audit findings About You: Experience & Qualifications Strong working knowledge of global data privacy laws and compliance standards (e.g. GDPR, CCPA, SOC 2) Strong knowledge of security standards, controls, and best practices (NIST, CIS, OWASP) Familiarity with cloud security (AWS, Azure, GCP) Experience with audit management, GRC tools, and security
Employment Type: Permanent
Salary: GBP Annual

Chief Information Security Officer

London, United Kingdom
Fuse Energy, LLC
risks, regulatory exposure, and investment priorities to support long-term growth. Governance & Compliance Own company-wide security governance, including data protection, access control, and insider risk. Ensure compliance with SOC 2, ISO 27001, GDPR, and other relevant frameworks. Oversee security audits and third-party risk programs. Risk Management & Threat Intelligence Lead threat modelling, risk assessments, and security reviews … Deep understanding of cloud security (especially AWS), application security, and modern DevSecOps. Proven experience securing systems involving digital assets, cryptographic components, or distributed infrastructure. Strong grasp of regulatory frameworks: SOC 2, ISO 27001, GDPR, NIST, etc. Background in threat modeling, incident response, and risk management. Excellent leadership, communication, and stakeholder skills. Bachelor's or advanced degree in Computer
Employment Type: Permanent
Salary: GBP Annual

GRC Consultant - SaaS

London Area, United Kingdom
Lex Dinamica
growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC 2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC 2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both

GRC Consultant - SaaS

City of London, London, United Kingdom
Lex Dinamica
growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC 2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC 2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both

GRC Consultant - SaaS

London, South East England, United Kingdom
Lex Dinamica
growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC 2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC 2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both

GRC Consultant - SaaS

London (City of London), South East England, United Kingdom
Lex Dinamica
growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC 2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC 2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both

GRC Consultant - SaaS

Slough, South East England, United Kingdom
Lex Dinamica
growth. Key Responsibilities Own and manage governance, risk, and compliance initiatives for our SaaS platforms. Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC 2, GDPR, and other regulatory frameworks. Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection. Collaborate with product, engineering, and IT teams to … Compliance, or related field. 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies). Strong knowledge of SaaS compliance frameworks (ISO 27001, SOC 2, GDPR, NIS2, or similar). Ability to interpret regulations and translate them into practical, business-friendly processes. Excellent written and verbal communication skills (German or English; both

Information Security Compliance Analyst

Birmingham, West Midlands, England, United Kingdom
Hybrid / WFH Options
Hays Specialist Recruitment Limited
the global information security compliance program. Conduct internal audits, third-party risk assessments, and due diligence reviews. Ensure alignment with regulatory and industry standards including ISO27001, NIST, SOX, GDPR, SOC 2, HIPAA, CCPA, LGPD. Collaborate with cross-functional teams across multiple jurisdictions to drive compliance initiatives. Identify gaps in security controls and recommend corrective actions. Maintain and update … information security compliance, risk management, and audit. Strong understanding of international regulatory frameworks and standards. Hands-on experience with: ISO27001 audits and implementation GDPR compliance NIST cybersecurity framework SOX, SOC 2, HIPAA, CCPA, LGPD Ability to interpret complex regulatory requirements and translate them into actionable controls. Excellent communication and stakeholder engagement skills. Strong analytical and problem-solving capabilities.
Employment Type: Full-Time
Salary: £50,000 - £55,000 per annum

Head of IT

London, United Kingdom
Hybrid / WFH Options
Unity Advisory
handling, and device security. Implement practical controls for identity and access management, encryption, endpoint protection, and incident response. Use your understanding of frameworks like Cyber Essentials, ISO 27001, or SOC 2 to guide scalable, pragmatic governance - even if full certification isn't required right away. Help prepare the business for potential future audit, assurance or client due diligence … headcount), ideally PE-backed or professional services-led. Strong practical knowledge of Microsoft 365, Azure AD, endpoint management, and identity/access controls. Familiarity with frameworks like ISO27001, SOC 2, or NIST - and the judgment to apply what's appropriate for scale. Experience working with (or managing) outsourced IT providers. Excellent communication and stakeholder skills - able to influence
Employment Type: Permanent
Salary: GBP Annual

Customer Success Manager, SMB - EMEA

London, United Kingdom
Hybrid / WFH Options
Vanta Inc
them to specific business outcomes on their timelines. Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC 2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Provide insightful technical answers and recommend the most efficient way for customers to … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous - not just a
Employment Type: Permanent
Salary: GBP Annual

DACH Customer Success Manager

London, United Kingdom
Vanta Inc
and expansion opportunities within your book of business Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC 2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Guide implementation, configuration, and optimization of Vanta Trust Management Platform Provide professional advice … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous - not just a
Employment Type: Permanent
Salary: GBP Annual

Security Engineer

London, United Kingdom
Hybrid / WFH Options
Intigriti
development of effective security measures. Support the development, implementation, and continuous improvement of the organization's security strategy, policies, and procedures. Support the maintenance of our ISO 27001 and SOC 2 Level 2 certifications. What you'll bring Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field. Master's degree or relevant certifications … you? Competitive salary and uncapped commission. 26 days of annual leave and Bank Holidays Top-notch Private Healthcare and Health Cash Plan Hybrid working model Initial home office budget 2-month work abroad policy Great training and yearly learning budget Employer pension scheme Enhanced maternity pay Social activities and team outings Referral bonus Employee Assistance Program Great hardware and
Employment Type: Permanent
Salary: GBP Annual

Senior Security Azure Engineer

London, United Kingdom
Hybrid / WFH Options
LGBT Great
Access, Entra ID, and Identity Governance setups Implement Data Loss Prevention (DLP) and sensitivity labels Work with Azure Key Vault and manage encryption and certificate strategies Collaborate with our SOC and managed Sentinel provider on incident handling Compliance & Governance Help ensure compliance with ISO 27001, SOC 2, GDPR, and NIS2 Support configuration and monitoring in Microsoft Compliance
Employment Type: Permanent
Salary: GBP Annual

Global Platform Team Lead and Senior Director - IT Security

London, United Kingdom
Boston Consulting Group
Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC 2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Operationalize policy enforcement through automated
Employment Type: Permanent
Salary: GBP Annual

Global Delivery Director - Secure Data

London, United Kingdom
Boston Consulting Group
Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC 2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Implement automated compliance controls and … to your base salary, your total compensation will include a bonus of up to 30% and a generous retirement contribution that starts at 5% and moves to 10% after 2 years. All of our plans provide best in class coverage: Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children Low $10 (USD) copays for trips to
Employment Type: Permanent
Salary: GBP Annual

Lead Application Security Engineer

London, United Kingdom
Point72 Asset Management, L.P
technologies like Docker and Kubernetes Knowledge of security best practices for cloud environments (AWS, Azure, GCP) Understanding of security frameworks and compliance standards such as NIST CSF, ISO 27001, SOC 2 Excellent communication and collaboration skills, with the ability to work effectively in a fast-paced, agile environment Strong problem-solving skills and a passion for continuous improvement
Employment Type: Permanent
Salary: GBP Annual

Lead Platform Engineer

London, United Kingdom
Cornerstone VC
self-service deployment capabilities. Improve developer productivity by standardizing environments and streamlining workflows. Security & Compliance Partner closely with the ISO and Security teams to maintain compliance with ISO 27001, SOC 2, and GDPR. Implement identity and access management, secrets management, and network security best practices. Drive a security-first culture across platform and product teams. Mentorship & Leadership Act
Employment Type: Permanent
Salary: GBP Annual

Head of Security

London, United Kingdom
Hybrid / WFH Options
Cryptio
tools (EDR, vulnerability scanners, SCA, etc.) Own and manage internal authentication (SSO, MFA, identity lifecycle) Secure endpoints, laptops, and internal systems Lead security awareness and employee training programs Drive SOC 1/2 and other compliance frameworks Build internal security policies, playbooks, and operational processes Manage relationships with vendors, auditors, and pentesters We're Looking For Someone Who … or similar certification Strong knowledge of cloud security, secure software development, and common vulnerabilities Proven experience securing production environments and CI/CD systems Familiarity with security compliance frameworks (SOC 2, ISO 27001) Experience deploying and operationalising security tools Excellent communication skills and the ability to collaborate across teams A pragmatic, system-oriented mindset that balances risk and
Employment Type: Permanent
Salary: GBP Annual

Contract Azure Security Engineer - Sentinel, Defender, Purview

City of London, London, United Kingdom
Apsley Recruitment Ltd
Conditional Access, Entra ID, and Identity Governance setups Implement Data Loss Prevention (DLP) and sensitivity labels Work with Azure Key Vault and manage encryption and certificate strategies Collaborate with SOC and managed Sentinel provider on incident handling Help ensure compliance with ISO 27001, SOC 2, GDPR, and NIS2 Support configuration and monitoring in Microsoft Compliance Manager Maintain
Employment Type: Contract
Rate: From £500 to £550 per day

IT Risk Manager

Mansfield, Nottinghamshire, United Kingdom
Amazon
Systems Security Professional (CISSP) or equivalent IT Risk, Governance, Security Strategy certification. - Digital transformations experience to drive process improvements. - A good understanding of regulatory landscape (CSSF, DORA, EBA, NIS2, SOC 2) - Experience with cloud platforms risk management, cloud security, and compliance, including IAM, cloud incident response, and resilience testing. - Master's degree or equivalent. Amazon is an equal
Employment Type: Permanent
Salary: GBP Annual

IT Security Analyst

Gerrards Cross, Buckinghamshire, United Kingdom
Hybrid / WFH Options
83zero Ltd
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Employment Type: Permanent
Salary: £50000 - £55000/annum

Information Technology Security Analyst

Middlesbrough, England, United Kingdom
Hybrid / WFH Options
83zero
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years’ experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background

IT Security Analyst

Thornaby, Yorkshire, United Kingdom
Hybrid / WFH Options
83zero Ltd
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Employment Type: Permanent
Salary: GBP 50,000 - 60,000 Annual

IT Security Analyst

Middlesbrough, North Yorkshire, United Kingdom
Hybrid / WFH Options
83zero Ltd
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Employment Type: Permanent
Salary: £50000 - £60000/annum

IT Security Analyst

Chalfont St. Peter, Buckinghamshire, United Kingdom
Hybrid / WFH Options
83zero Ltd
questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence … the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Employment Type: Permanent
Salary: GBP 50,000 - 55,000 Annual

SOC 2
10th Percentile: £53,750
25th Percentile: £64,375
Median: £85,000
75th Percentile: £96,563
90th Percentile: £107,500