Fractional CISO (SOC2)

Fractional CISO

  • 2–3 days per week
  • 1 day a week in London (City)
  • Initial 3-month engagement (likely extension)

Partnered with an AI-driven digital health startup that’s redefining care across the UK and US.

As they scale commercially and prepare for continued US growth, they’re looking for a hands-on Fractional CISO to work directly alongside the CTO and take ownership of their security, governance and compliance maturity.

This is not a “strategy-only” advisory role. They need someone who can operate at Board level whilst also getting deep into controls, engineering processes, access management and audit readiness.

What you’ll be doing

  • The immediate priority is leading the SOC 2 programme end-to-end, driving Type I readiness and laying the operational foundations for Type II.
  • Crucially, the environment needs to be architected against NIST SP 800-53 from day one, so the controls implemented now can later support frameworks such as FedRAMP, TX-RAMP and broader US public-sector healthcare procurement without rework.

You’ll:

  • Own the SOC 2 programme from scoping through audit delivery
  • Define the system boundary, Trust Services Criteria and evidence strategy
  • Lead Vanta implementation, continuous monitoring and audit preparation
  • Select and manage the external auditor relationship
  • Build a reusable control framework mapped across SOC 2, NIST 800-53, HIPAA, GDPR and ISO 13485
  • Mature engineering governance around secure SDLC, CI/CD, IaC, change management and release controls
  • Strengthen identity and access management across cloud infrastructure, SaaS tooling and production environments
  • Implement least-privilege access controls, PAM processes and auditable JML workflows
  • Improve Microsoft 365 / Entra ID security posture including Conditional Access, DLP and endpoint compliance
  • Drive incident response, logging, monitoring, backup and disaster recovery maturity
  • Lead third-party risk management and security reviews
  • Support enterprise customer security reviews and questionnaires with US healthcare partners

What they’re looking for

  • Proven experience leading multiple SOC 2 Type I & II programmes end-to-end
  • Strong working knowledge of NIST SP 800-53 control families and cross-framework mapping
  • Experience within healthtech, medtech, fintech or another regulated SaaS environment
  • Hands-on understanding of cloud security, IAM, secure engineering practices and operational resilience
  • Experience working with AICPA auditors and compliance automation tooling
  • Ability to balance pragmatism with strong security standards in a fast-moving scale-up
  • Comfortable operating across engineering teams, senior leadership, enterprise customers and investors
  • CISSP, CISM or equivalent preferred

Please apply and we will contact you to discuss the role further, including your charge rate.

Job Details

Company
Few&Far
Location
London Area, United Kingdom
Posted