Portsmouth, Hampshire, England, United Kingdom Hybrid / WFH Options
Computappoint
Salary: Up to £65,000 Employment Type: Permanent Job Summary: Our client, a leading IT services and consulting firm, is seeking a Cyber Security Assurance Manager to ensure their SOC meets and maintains … top security certifications and assurance standards. As part of the GRC function, you’ll lead customer assurance activities, manage external audits, and oversee key certifications such as ISO 27001, SOC2 Type II, Cyber Essentials Plus, and CREST SOC accreditation. Key Responsibilities: Act as primary contact for customer assurance activities, supporting RFIs, RFPs, and client audit requests Deliver training and … awareness sessions on SOC assurance standards to internal teams Develop customer-facing assurance documentation demonstrating the organisation's security posture Lead the delivery and ongoing maintenance of SOC-related certifications (SOC2 Type II, SOC 3, ISO/IEC 27001, Cyber Essentials Plus, CREST) Embed certification requirements into SOC governance, processes, and operational practices
critical risks Act as a key security advisor to engineering teams, providing expert guidance on security best practices, vulnerability mitigation, and secure design patterns Translate regulatory requirements (PCI DSS, SOC2, ISO 27001) into concrete technical controls and implementation plans in collaboration with the GRC team Lead incident response efforts, including investigation and remediation of security breaches Support … with the latest security threats, vulnerabilities, and mitigation techniques What skills are desirable, but not essential: Hands-on experience helping a company achieve and maintain compliance with frameworks like SOC2, ISO 27001, or PCI DSS Experience in automating security controls and compliance checks against standards and frameworks which include SOC2, ISO 27001, PCI DSS
fast-moving environment Strong bias for action - a hands-on doer who gets things done Experience in product-led or SaaS businesses is highly desirable Will take ownership of SOC2 compliance as we prepare for certification Comfortable managing compliance processes and working cross-functionally to meet security standards Strong knowledge of information security protocols and procedures Proficiency … accreditation projects Excellent Communication Skills About the role Continue review and improve the security policies Implement and maintain ISMS Ensure compliance with relevant security standards and regulations (ISO 27001, SOC2, Cyber Essentials, etc.) Experience of undergoing third-party assessments/audits (e.g. ISO27001, SOC2, etc.) Work to acquire new accreditations in line with the
with advanced technology solutions. We build products where data security is a top priority, and we are looking for a strong backend developer with experience in information security and SOC2 compliance. As a qualified expert, You will Develop backend applications using Node.js + TypeScript Design secure system architectures Implement solutions that meet SOC2 and … We're looking for you if you have 5+ years of commercial experience with Node.js and TypeScript Strong knowledge of PostgreSQL and MongoDB Experience in information security and compliance (SOC2, ISO 27001, etc.) Understanding of DevSecOps principles Ability to make architectural decisions Commitment to long-term work in a stable team Bonus Points Experience conducting security audits
Leeds, West Yorkshire, England, United Kingdom Hybrid / WFH Options
4Square Recruitment Ltd
external pen-test liaison) and two GRC specialists. What you’ll do Drive and extend ISO 27001 implementation/maintenance (UK certified; expanding to Madrid and Manila). Support SOC2 Type 2 maintenance (already accredited)—expert level not required. Oversee SIEM operations with the tech team: ensure log ingestion/coverage, daily monitoring, and follow-up. … GRC grounding plus solid technical understanding (AWS-heavy environment). Comfortable being hands-on where needed; people management nice-to-have, not essential. ISO 27001 (implementation/assurance) experience; SOC2 exposure helpful. SIEM familiarity and the ability to work with engineers on coverage, tuning, and use-cases. Stakeholder-savvy; calm under pressure; excellent written/verbal
Nottingham, Nottinghamshire, East Midlands, United Kingdom
Experian Ltd
will chair status review sessions, maintain accreditation tracking systems, and provide regular updates to senior partners. You will manage responsibilities (including implementation) related to ISO27001, Cyber Essentials/Plus, SOC2 accreditations. You will also support audit readiness, collaborate with governance and risk teams, and integrate compliance findings into policy documentation. This is a hybrid, Nottingham-based role reporting to the … Regional Head of Client Security Assurance Summary of Primary Responsibilities Manage ISO27001, Cyber Essentials/Plus, SOC2 accreditations Lead contract negotiations, re-wording, and redlining, with a preference for UK&I and EU regulatory experience Provide regular accreditation status updates to senior partners Participate in SOC2-related discussions with teams Oversee governance-related trackers and calls, including … risk management teams Partner with policy and standards teams to integrate compliance findings into documentation Qualifications Experience with compliance, audit coordination, or information security Familiarity with ISO 27001/2, SOC, ISAE, PCI, NIST, CIS or similar benchmarks Experience with cloud platforms such as AWS, Azure, or GCP Experience with IT and security operations, including Windows/Linux
risks, regulatory exposure, and investment priorities to support long-term growth. Governance & Compliance Own company-wide security governance, including data protection, access control, and insider risk. Ensure compliance with SOC2, ISO 27001, GDPR, and other relevant frameworks. Oversee security audits and third-party risk programs. Risk Management & Threat Intelligence Lead threat modelling, risk assessments, and security reviews … Deep understanding of cloud security (especially AWS), application security, and modern DevSecOps. Proven experience securing systems involving digital assets, cryptographic components, or distributed infrastructure. Strong grasp of regulatory frameworks: SOC2, ISO 27001, GDPR, NIST, etc. Background in threat modeling, incident response, and risk management. Excellent leadership, communication, and stakeholder skills. Bachelor's or advanced degree in Computer
threats. What you'll get to do? Design, build, and maintain security automation and tooling to enforce security controls and simplify compliance (e.g., automating evidence collection for frameworks like SOC2, ISO 27001, or PCI DSS) Build, manage, and automate identity and access management controls to ensure secure access to our cloud platforms and applications Write and review … ATT&CK), and the threat landscape The ability to identify potential threats, attack vectors, and vulnerabilities in systems and applications Experience in automating security controls for compliance frameworks like SOC2, ISO 27001, or PCI DSS. Expertise in Kubernetes, securing clusters and meshes (Cilium is preferable), networking best practices and RBAC implementation (CKA, CKS qualifications are a plus
Gloucestershire, England, United Kingdom Hybrid / WFH Options
Hays Specialist Recruitment Limited
the global information security compliance program. Conduct internal audits, third-party risk assessments, and due diligence reviews. Ensure alignment with regulatory and industry standards including ISO27001, NIST, SOX, GDPR, SOC2, HIPAA, CCPA, LGPD. Collaborate with cross-functional teams across multiple jurisdictions to drive compliance initiatives. Identify gaps in security controls and recommend corrective actions. Maintain and update … information security compliance, risk management, and audit. Strong understanding of international regulatory frameworks and standards. Hands-on experience with: ISO27001 audits and implementation GDPR compliance NIST cybersecurity framework SOX, SOC2, HIPAA, CCPA, LGPD Ability to interpret complex regulatory requirements and translate them into actionable controls. Excellent communication and stakeholder engagement skills. Strong analytical and problem-solving capabilities.
Chichester, West Sussex, United Kingdom Hybrid / WFH Options
Spectrum IT Recruitment
small but scalable team (3-5), aligning technology roadmaps with business goals, and managing vendor relationships and audit requirements. Key Areas of Responsibility Cybersecurity Ensure compliance with ISO 27001, SOC2, GDPR, and other frameworks. Lead incident response, vulnerability management, and threat detection. Oversee disaster recovery and business continuity planning. Champion a DevSecOps culture across the organisation. IT … cloud infrastructure, or cybersecurity roles. Strong expertise with Azure, Oracle Cloud, and DevOps practices. Proven experience managing IT systems in SaaS or tech businesses. Familiarity with ISO 27001, SOC2, NIST, and FedRAMP. Certifications such as CISSP, CISM, or advanced Azure credentials are a strong advantage. Excellent leadership, communication, and cross-functional collaboration skills. Why Apply? This
Bosham, Sussex, United Kingdom Hybrid / WFH Options
Spectrum IT Recruitment
small but scalable team (3-5), aligning technology roadmaps with business goals, and managing vendor relationships and audit requirements. Key Areas of Responsibility Cybersecurity Ensure compliance with ISO 27001, SOC2, GDPR, and other frameworks. Lead incident response, vulnerability management, and threat detection. Oversee disaster recovery and business continuity planning. Champion a DevSecOps culture across the organisation. IT … cloud infrastructure, or cybersecurity roles. Strong expertise with Azure, Oracle Cloud, and DevOps practices. Proven experience managing IT systems in SaaS or tech businesses. Familiarity with ISO 27001, SOC2, NIST, and FedRAMP. Certifications such as CISSP, CISM, or advanced Azure credentials are a strong advantage. Excellent leadership, communication, and cross-functional collaboration skills. Why Apply? This
them to specific business outcomes on their timelines. Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Provide insightful technical answers and recommend the most efficient way for customers to … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous-not just a
Knutsford, Cheshire, North West, United Kingdom Hybrid / WFH Options
CV Screen Ltd
the business. Duties & Responsibilities Develop, implement, and maintain compliance policies and frameworks in line with industry standards. Conduct regular internal audits and support external audits for ISO 27001 and SOC2 compliance. Monitor and report on organisational risk posture, providing regular updates to senior management. Oversee data protection, physical security, and vendor compliance activities. Promote compliance awareness across … through training and guidance. What Experience is Required Proven experience in a compliance, risk, or audit-focused role within a technology or regulated environment. Strong understanding of ISO 27001, SOC2, and data protection regulations (e.g., GDPR). Excellent communication and stakeholder engagement skills, with the ability to influence across teams. Salary & Benefits Salary: £40,000 per annum. … Hybrid working (office in Knutsford, 2–3 days per week on-site). Excellent benefits including private healthcare, generous holiday allowance, and professional development support. Location Based in Knutsford, this role is easily commutable from Manchester, Warrington, Altrincham, Northwich, Wilmslow, and Macclesfield. How to Apply Please apply in strict confidence by sending your CV to Kate Morgan at
and expansion opportunities within your book of business Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Guide implementation, configuration, and optimization of Vanta Trust Management Platform Provide professional advice … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous-not just a
Portsmouth, Hampshire, South East, United Kingdom Hybrid / WFH Options
Robert Half
the Way in Cyber Security Assurance? Robert Half are seeking a dynamic, proactive, and experienced Cyber Security Assurance Manager to join a globally-scaled, fast-paced Security Operations Centre (SOC) environment. In this crucial role, you will ensure that the SOC maintains its commitment to best-in-class standards through internationally recognised security certifications and industry-wide assurance … member in Governance, Risk, and Compliance (GRC), you will lead certification efforts, influence operational processes, and engage directly with customers and auditors to showcase security credentials that differentiate our SOC from the competition. If you're skilled in blending technical insight with customer-focused communication … while driving compliance excellence, this opportunity is for you! What We're Looking For: Qualifications and Experience: Proven experience delivering and managing cybersecurity certifications (e.g., ISO/IEC 27001, SOC2 Type II, Cyber Essentials Plus, CREST). A strong understanding of SOC operations and security assurance frameworks. Experience engaging with customers during audits and RFP/RFI processes, showcasing
Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Operationalize policy enforcement through automated
Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Implement automated compliance controls and … to your base salary, your total compensation will include a bonus of up to 30% and a generous retirement contribution that starts at 5% and moves to 10% after 2 years. All of our plans provide best in class coverage: Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children Low $10 (USD) copays for trips to
observability and predictive analytics to proactively prevent outages. Security, Compliance & Risk Management: Drive zero-trust security frameworks, ensuring secure and resilient network access. Ensure adherence to ISO 27001, NIST, SOC2, GDPR, and industry best practices. Collaborate with cybersecurity teams to enhance network threat detection and mitigation. Implement automated security policy enforcement, reducing human intervention in risk mitigation.
compliance. Review and update Vulnerability Management related documentation to align with internal and external compliance requirements, industry best practices and emerging threats (e.g. ISO 27001, PCI DSS/3DS, SOC2 and NIST) Help define scanning schedules, thresholds, and automation opportunities. Collaborate with DevSecOps/Product Teams to embed security scanning into CI/CD pipelines. Assist in … come with questions and be curious. In general you can expect the below, following a chat with one of our Talent Team: Stage 1 - 45 mins with BISO Stage 2 - 60 min with Peers Stage 3 - Final with CTO/Deputy CTO Benefits 33 days holiday (including public holidays, which you can take when it works best for you
risks and deploy effective remediation measures. Monitor systems, networks, and logs, then investigate security breaches, incidents, and other cybersecurity events. Oversight of compliance for regulatory compliance requirements, such as SOC2, HIPAA, ISO 27001, GDPR etc, and ensure our systems adhere to these standards Conduct security awareness training sessions, enabling the business. Who you are Cloud security enthusiast - You're comfortable
City of London, London, United Kingdom Hybrid / WFH Options
Adecco
of Natural Language Processing (NLP), model lifecycle management, and explainability techniques. - Ability to articulate how AI models integrate into enterprise workflows and compliance frameworks. Security & Compliance: - Strong grasp of SOC2, ISO 27001, GDPR, and enterprise security best practices. - Understanding of identity and access management (IAM), encryption standards, and secure API design. Integrations & APIs: - Experience with RESTful APIs … whether it's troubleshooting a deployment, customizing a demo, or advising on architecture. * Thrives in a fast-paced, high-growth environment where adaptability and initiative are key. Education A 2:1 degree or higher in a technical, scientific, engineering, or mathematical discipline from a recognized university. What You'll Be Doing * Lead and Develop the Team: Recruit, mentor, and … list for this position. Useful Keywords Technical Presales Lead, Solutions Engineering, Pre-Sales Manager, Cloud Architecture, AWS, Azure, GCP, Kubernetes, ECS, Fargate, Terraform, AI/ML, NLP, Security Compliance, SOC2, ISO 27001, GDPR, SaaS, Enterprise Software, API Integrations, Player-Coach, Technical Leadership, Proof of Value, Enterprise Presales
identify and mitigate risks. Work closely with the security team to integrate best practices into new and existing features. Ensure compliance with security standards and regulations (e.g., ISO 27001, SOC2). Implement monitoring solutions to detect and respond to real-time security incidents. Troubleshoot infrastructure and security issues, performing root cause analysis in production. Mentor junior engineers
Maintain robust CI/CD pipelines, collaborating closely with development teams to streamline deployment processes. Maintain and enhance our security posture, ensuring compliance with industry standards and frameworks (e.g., SOC-2, ISO 27001). Diagnose and resolve infrastructure outages and incidents, ensuring timely resolution and root cause analysis. Documentation & Best Practices: Ensure comprehensive documentation of infrastructure, systems, and processes
Bristol, Avon, South West, United Kingdom Hybrid / WFH Options
Hargreaves Lansdown
portals, or golden path templates. Serverless and event-driven architectures (Functions, Logic Apps, Event Grid). Experience in regulated industries (e.g., Financial Services) and with compliance standards (ISO 27001, SOC2). Knowledge of FinOps principles and cost governance on Azure. Interview process Stage 1 (remote): competency and technical interview including discussion of prior platform/DevOps work … and scenario-based problem solving. Stage 2 (on-site/remote): practical exercise (e.g., pipeline/IaC/Kubernetes task) and a short design presentation to a panel. Working schedule This role is permanent, full time, 37.5 hours per week, Monday to Friday. We offer a hybrid flexible working pattern to enable you the option of working from home
Employment Type: Permanent, Part Time, Work From Home
will include maintaining and improving our security posture in tandem with GRC practices and policies as they evolve to align with current and future standards and frameworks, such as SOC2, ISO 27001, as well as applicable legislation, including GDPR and UK DPA, working closely with our Legal and Privacy as well as the wider Technology team. Internally … solution design, e.g. Zero Trust, least privilege RBAC, Security by Design, PAM, Segregation of Duties Data Protection and DLP Experience Experience with the following would also be beneficial: NIST, SOC2 and additional compliance and regulatory frameworks Project Management and technical delivery Experience of, or a keen interest in, the business of sport Benefits We offer a benefits package to suit