1 to 25 of 71 Permanent SOC 2 Jobs in the UK

Information Security and Compliance Engineer

Hiring Organisation
Engineered Arts
Location
Slough, Berkshire, UK
Employment Type
Full-time
RaaS) platforms. Reporting to the Head of Compliance, this role is responsible for implementing, operating, and maintaining security controls, supporting certification to ISO 27001, SOC 2, and other relevant security frameworks, and embedding security-by-design into engineering, IT, and product operations as the business scales globally. This … Maintain risk assessments, risk registers, Statements of Applicability, and control mappings. Collect, manage, and present evidence for ISO 27001 certification and surveillance audits. Support SOC 2 readiness, control operation, evidence gathering, and audit coordination. Security Controls and Engineering Integration Implement and maintain security controls across: Cloud infrastructure and ...

Cyber Security Assurance Manager

Hiring Organisation
Insignis
Location
Cosham, Hampshire, United Kingdom
Employment Type
Permanent
Salary
£70000 - £75000/annum
Cyber Security Assurance Manager Portsmouth, UK (flexible working - 2 days a week on-site!) I'm working with a fast-growing UK cyber security provider delivering SOC and managed security services to enterprise and critical infrastructure customers. As they scale, they're investing in assurance and governance … strengthen customer trust and credibility. They're hiring a Cyber Security Assurance Manager to own certifications, audits, and customer assurance across their SOC environment. This is a high-impact, visible role working closely with SOC, GRC, and commercial leadership. Key focus areas * Leading ISO 27001, SOC 2 ...

Compliance Officer

Hiring Organisation
Ten2Two Ltd
Location
Kent, South East, United Kingdom
Employment Type
Permanent, Part Time, Work From Home
Salary
£50,000
addition maintaining the organisation's compliance with ISO 9001:2025 (Already certified). Looking forward into the future these requirements are also on the horizon: SOC 2 Type 2: For targeting US-based clients DPIA (Data Protection Impact Assessment) AI-Specific Compliance (The 2026 Frontier) ISO/… people side of making compliance work in practice. You'll likely bring: Proven experience implementing at least one of: Cyber Essentials, ISO 27001:2022 or SOC 2 Strong organisational skills and the ability to break complex frameworks into clear, actionable steps Confidence working with technical teams and a comfort ...

Risk Analyst - Nottingham City

Hiring Organisation
Nottingham Building Society
Location
Nottingham, UK
Employment Type
Full-time
following information should be read carefully by all candidates. - Nottingham City Contract type: Permanent Hours: Full-time, 35 hours Location: Head Office, Nottingham (Hybrid working, minimum 2 days per week) Application process: Please apply via the application button which will direct you to our careers site. If you require any adjustments … identify vulnerabilities, focusing on protecting customer data and financial systems. Regulatory Compliance: Ensure compliance with regulations and standards like GDPR, ISO 27001, CQuest, SOC 2, and FCA and PRA guidelines. Effectiveness Monitoring: Monitor and assess the effectiveness of security controls, policies, and procedures. Audit Support: Support audits ...

Risk Analyst - Nottingham City

Hiring Organisation
Nottingham Building Society
Location
United Kingdom, UK
Risk Analyst - Nottingham City Contract type: Permanent Hours: Full-time, 35 hours Location: Head Office, Nottingham (Hybrid working, minimum 2 days per week) Application process: Please apply via the application button which will direct you to our careers site. If you require any adjustments to assist you in applying … identify vulnerabilities, focusing on protecting customer data and financial systems. Regulatory Compliance: Ensure compliance with regulations and standards like GDPR, ISO 27001, CQuest, SOC 2, and FCA and PRA guidelines. Effectiveness Monitoring: Monitor and assess the effectiveness of security controls, policies, and procedures. Audit Support: Support audits ...

GCP Cloud Engineer

Hiring Organisation
Onsera Health
Location
London, UK
Employment Type
Full-time
Infrastructure as Code – Build and maintain Terraform across projects, networks, IAM, and services Enforce security and compliance – Implement controls aligned with healthcare requirements (HIPAA, SOC 2, ISO 27001); configure IAM, service accounts, workload identity, network security, and audit logging; support audits and remediation activities Manage internet-facing architecture …/identity-based access models Experience with containerised and serverless workloads (Cloud Run, GKE, Docker) Practical experience implementing security controls in cloud environments (SOC 2, ISO 27001, HIPAA, or similar) Experience operating web-facing, security-sensitive systems Comfortable working closely with ML, data, and product teams to translate ...

Account Executive (B2B SaaS)

Hiring Organisation
Achilleion
Location
London, United Kingdom
Employment Type
Permanent
Salary
GBP Annual
Cybersecurity is a fast-growing venture-backed startup that provides best-in-class cybersecurity and compliance. Our software and services simplify complex compliance frameworks including SOC2, ISO 27001, HIPAA, and others, empowering businesses to scale securely and confidently. We're backed by top tier investors like Y Combinator and have offices … contract fee) Performance-based commission Uncapped upside Top performers will earn meaningfully above OTE. About the Role We are hiring an Account Executive with 2-4 years of B2B SaaS closing experience. This is not an entry-level role. This is a full-cycle Account Executive position for someone ...

Security Engineer

Hiring Organisation
Chapter 2
Location
City of London, London, United Kingdom
container security. Identity & Access Management experience (e.g. Okta). Experience with JVM languages, Terraform/IaC, CDK, or React. Familiarity with GDPR, ISO 27001, SOC 2, EU AI Act/LLMs. Experience delivering audits or using GRC tools (e.g. Drata, Vanta) Interest in AI and/or knowledge ...

Security Engineer

Hiring Organisation
Chapter 2
Location
Slough, Berkshire, UK
Employment Type
Full-time
container security. Identity & Access Management experience (e.g. Okta). Experience with JVM languages, Terraform/IaC, CDK, or React. Familiarity with GDPR, ISO 27001, SOC 2, EU AI Act/LLMs. Experience delivering audits or using GRC tools (e.g. Drata, Vanta) Interest in AI and/or knowledge ...

Data Protection Engineer Cyber Security

Hiring Organisation
Robert Half
Location
Surrey, England, United Kingdom
Employment Type
Full-Time
Salary
£70,000 - £90,000 per annum
with engineering teams to embed data protection into application architecture and CI/CD pipelines Support compliance initiatives including GDPR, HIPAA, PCI DSS, and SOC 2 Conduct data-focused risk assessments and threat modelling Monitor and respond to data-related security incidents and alerts Develop and maintain data ...

DevOps Engineer

Hiring Organisation
intro
Location
City of London, London, United Kingdom
Prometheus, Grafana, ELK, etc.). Strong communication skills and the ability to collaborate across engineering teams. Knowledge of compliance/security frameworks (PCI DSS, SOC2, ISO, GDPR). Experience with microservices and serverless environments. Familiarity with SQL/NoSQL databases. Proven ability to lead technical initiatives in complex environments. Location ...

Senior Ops Engineer (Security Ops / GRC)

Hiring Organisation
Lorien
Location
Paisley, Renfrewshire, UK
Employment Type
Full-time
design. Support penetration tests and third‐party security assessments, ensuring outcomes translate into completed remediation. Assist with compliance/assurance activity (e.g., ISO27001, SOC2, GDPR) by producing logs, evidence and documentation. Act as a confident security advocate in roadmap decisions—able to push back, prioritise critical risk items, and bring … hardening and vulnerability management. Experience with vulnerability assessments/penetration testing and driving remediation to closure. Working knowledge of frameworks such as ISO 27001, SOC 2 and GDPR, with practical experience embedding controls operationally. Comfortable working in automated environments using Infrastructure‐as‐Code (Terraform) and CI/ ...

Senior Ops Engineer (Security Ops / GRC)

Hiring Organisation
Lorien
Location
Glasgow, Scotland, United Kingdom
design. Support penetration tests and third‐party security assessments, ensuring outcomes translate into completed remediation. Assist with compliance/assurance activity (e.g., ISO27001, SOC2, GDPR) by producing logs, evidence and documentation. Act as a confident security advocate in roadmap decisions—able to push back, prioritise critical risk items, and bring … hardening and vulnerability management. Experience with vulnerability assessments/penetration testing and driving remediation to closure. Working knowledge of frameworks such as ISO 27001, SOC 2 and GDPR, with practical experience embedding controls operationally. Comfortable working in automated environments using Infrastructure‐as‐Code (Terraform) and CI/ ...

Third Party Risk Lead Cyber

Hiring Organisation
Hays Specialist Recruitment Limited
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£80,000 - £90,000 per annum
assurance programmes. Proven experience designing, executing, and improving structured vendor due diligence processes. Strong understanding of vendor-held assurance artefacts such as ISO 27001, SOC 2, CSA STAR/CAIQ, and security questionnaires. Ability to communicate complex vendor-related cyber risks clearly to both business and technical audiences. ...

AI Director

Hiring Organisation
Experis
Location
City of London, London, United Kingdom
and optimisation modelling using PyCaret, Prophet, and Optuna to strengthen data‐driven decision‐making. Security, Compliance & Responsible AI Ensure alignment with enterprise security frameworks (SOC2, ISO27001, NIST). Oversee identity and access management via Azure AD, OAuth2, OpenID Connect, and enterprise IAM systems. Champion ethical AI practices, including bias detection ...

Senior Software Engineer

Hiring Organisation
Cyber Guardian Consulting Group, LLC
Location
London Area, United Kingdom
Experience with authentication methods such as OAuth 2.0, API keys, JWT IT background with experience supporting, integrating, or administering enterprise software systems Exposure to SOC 2, GDPR, or enterprise security requirements Experience with Infrastructure as Code (CDK, CloudFormation, or Terraform) Knowledge of CI/CD pipelines and deployment … backed by real clients, real revenue, and real partnerships What We Offer 25 days holiday + bank holidays Pension scheme with 10% employer contribution 2% interest rate reduction on home mortgages Professional development & life assistance programs Snacks sent to your door—you pick, we pay 50% off Apple products ...

Senior Software Engineer

Hiring Organisation
Cyber Guardian Consulting Group, LLC
Location
Newcastle Upon Tyne, England, United Kingdom
Experience with authentication methods such as OAuth 2.0, API keys, JWT IT background with experience supporting, integrating, or administering enterprise software systems Exposure to SOC 2, GDPR, or enterprise security requirements Experience with Infrastructure as Code (CDK, CloudFormation, or Terraform) Knowledge of CI/CD pipelines and deployment … backed by real clients, real revenue, and real partnerships What We Offer 25 days holiday + bank holidays Pension scheme with 10% employer contribution 2% interest rate reduction on home mortgages Professional development & life assistance programs Snacks sent to your door—you pick, we pay 50% off Apple products ...

Data Compliance Lead

Hiring Organisation
Pure Resourcing Solutions
Location
Snailwell, Newmarket, Suffolk, England, United Kingdom
Employment Type
Full-Time
Salary
£55,000 - £70,000 per annum
documentation, organisation, and communication skills. Confidence engaging with auditors, regulators, customers, and senior stakeholders. Desirable Experience HIPAA and healthcare/health tech compliance experience. SOC2 knowledge. Understanding of cloud security and SaaS environments. Qualifications (desirable but not required) CIPP/E, CIPM, CIPT ISO27001 Lead Implementer/Lead Auditor HCISPP ...

Cyber Security Engineer

Hiring Organisation
Digital Waffle
Location
Guildford, England, United Kingdom
and associated services. Enhance identity governance, privileged access management, DLP, and data classification. Support Defender tooling and alert management. Threat & Vulnerability Management Work with SOC partners to triage and respond to alerts. Conduct vulnerability assessments and coordinate remediation efforts. Enhance endpoint protection and XDR capabilities. Security Operations & Compliance Harden … endpoints, and virtual desktop environments. Maintain logging, monitoring, and alerting coverage. Support external audits and recognised security certifications (e.g., Cyber Essentials Plus, ISO 27001, SOC 2). About You 3+ years’ experience in security engineering or cyber operations. Strong hands-on Azure and Microsoft 365 security expertise. Experience ...

Senior Security Risk Specialist

Hiring Organisation
DigiTech Resourcing
Location
London Area, United Kingdom
Senior Security Risk Specialist – Contract Location - London (Hybrid – 2 days onsite in Bank) Term: 6 months Rate: £800 per day (Inside IR35) We’re looking for a Senior Security Risk Specialist to support a technology company’s Security Risk Management function. Reporting to the Head of Security Risk & Assurance … background in security risk management within tech or regulated environments Cloud security risk assessment experience (AWS experience a must) Familiarity with ISO 27001, NIST, SOC 2, PCI-DSS Comfortable engaging technical and non-technical stakeholders GRC tooling experience, consulting background, CISM/CRISC/CISSP This ...

Senior Platform Engineer

Hiring Organisation
Fruition Group
Location
Leeds, West Yorkshire, Yorkshire, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£70,000
security Infrastructure-as-code mindset and strong automation skills Comfortable working cross-functionally and owning shared platforms Nice to Have Experience with compliance frameworks (SOC 2, ISO 27001, etc.) Familiarity with SRE principles and reliability engineering Security certifications or deep interest in cloud security About ...

Cyber Security Engineer

Hiring Organisation
Nigel Wright Group
Location
Wallsend, Tyne and Wear, England, United Kingdom
Employment Type
Full-Time
Salary
£45,000 - £47,500 per annum
hybrid infrastructure. Support secure configuration, IAM, cloud environments, patch management, and application security testing. Ensure compliance with standards such as Cyber Essentials, ISO 27001, SOC 2, and GDPR. Play a key role during high-pressure incidents, managing both technical resolution and stakeholder communication. Participate ...

Principal Consultant - Cybersecurity Strategy & Risk

Hiring Organisation
CyberCX
Location
City of London, London, United Kingdom
large technology environment Deep expertise across multiple cyber security domains Strong understanding of frameworks such as ISO 27001, NIST, CAF, CIS, Cyber Essentials+, SOC 2 At least one major certification (CISSP, CISM, CISA, ISO Lead Auditor/Implementer) Exceptional stakeholder engagement skills and executive presence Strong analytical and ...

Customer Support Engineer - DERMS

Hiring Organisation
Stackstudio Digital Ltd
Location
Livingston, West Lothian, UK
Employment Type
Full-time
other OT/IT grid management platforms. Knowledge of GridOS ecosystem and integration with DERMS. Exposure to cybersecurity standards (NERC CIP, ISO 27001, SOC2). Cloud/hybrid deployment experience (Azure, AWS). Certifications such as ITIL, Security+, or utility-specific systems training. Scripting/automation skills (Python, Bash, PowerShell ...

Senior Security Engineer

Hiring Organisation
VIA MATCH LIMITED
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£85,000 - £115,000 per annum
teams. Key Responsibilities Design and implement security strategies, policies and controls Lead vulnerability assessments, penetration testing and remediation Oversee regulatory and compliance frameworks including SOC2, ISO 27001 and GDPR Monitor systems and respond to incidents and security events Strengthen AWS and GCP cloud security environments Support customer and sales teams ...