Farnborough, Hampshire, South East, United Kingdom
Gama Group Limited
to take ownership of cyber security and data privacy across myairops. This role balances strategic oversight with practical, day-to-day security operations. You'll be central to maintaining our SOC2 Type II … accreditation, managing third-party relationships, and ensuring our products and cloud infrastructure are secure, resilient, and compliant. In this role, you will have the unique opportunity to lead our SOC2 audit activities, perform risk management reviews, and drive our vulnerability management program in alignment with industry best practices. Your keen eye for detail and exceptional problem-solving skills will be … to demonstrate the attitude and aptitude to take this next career step Experience working in a software environment that is cloud native Experience of successfully achieving ISO27001 or preferably SOC2 Type 2 Strong understanding of application security, cloud infrastructure, and DevOps practices Awareness of industry frameworks, such as NCSC Cyber Assessment Framework, Cyber Essentials Plus and OWASP Experience managing
contract negotiation and general commercial legal work. You will play a key role in helping the business stay compliant with relevant laws and standards, including oversight of our SOC2 compliance processes, while also helping to drive practical legal solutions across the business. Key Responsibilities: Compliance & Risk Management Lead or support internal compliance programs, with a focus … on data privacy, corporate governance, and regulatory frameworks. Oversee SOC2 Type II maintenance and readiness efforts. Conduct internal training sessions on legal and compliance topics. Legal & Commercial Support Advise on data protection and privacy issues (e.g. GDPR, CCPA) and support implementation of related policies and procedures. Draft, review, and negotiate a wide range of commercial contracts (e.g. … incl. collaborating on matters requiring specialist support, managing costs, etc). About You: Experience & Qualifications Strong working knowledge of global data privacy laws and compliance standards (e.g. GDPR, CCPA, SOC2). Demonstrated experience reviewing and negotiating commercial agreements. Skills & Traits You enjoy data privacy, compliance and operational legal work and are happy to "roll up your sleeves
risks, regulatory exposure, and investment priorities to support long-term growth. Governance & Compliance Own company-wide security governance, including data protection, access control, and insider risk. Ensure compliance with SOC2, ISO 27001, GDPR, and other relevant frameworks. Oversee security audits and third-party risk programs. Risk Management & Threat Intelligence Lead threat modelling, risk assessments, and security reviews … Deep understanding of cloud security (especially AWS), application security, and modern DevSecOps. Proven experience securing systems involving digital assets, cryptographic components, or distributed infrastructure. Strong grasp of regulatory frameworks: SOC2, ISO 27001, GDPR, NIST, etc. Background in threat modeling, incident response, and risk management. Excellent leadership, communication, and stakeholder skills. Bachelor's or advanced degree in Computer
in secure coding practices to reduce vulnerabilities proactively. Governance, Compliance & Training Ensure that application security architecture and practices comply with relevant regulatory and industry standards such as PCI-DSS, SOC2, ISO 27001, and GDPR. Lead efforts to prepare for and support external and internal audits by providing comprehensive documentation, risk assessments, and remediation evidence. Develop and deliver … identity management. Proficient in at least one programming or scripting language such as Python, Java, JavaScript, or Go. Solid understanding of FinTech compliance requirements and standards including PCI-DSS, SOC2, GDPR, and ISO 27001. Excellent communication and collaboration skills, capable of working with diverse teams and stakeholders. Nice to Have Industry certifications such as Certified Secure Software
/DAST, IaC scanning, secure coding standards and threat-modeling into every stage of our CI/CD pipeline. Own compliance & audits. Run our Vanta instance end-to-end (SOC2 Type II, ISO 27001, GDPR, etc.) and coordinate third-party pen tests, evidence gathering and policy reviews. Enable revenue. Partner with Sales & Customer Success to answer security … document best practices, and keep calm during incidents. Comfort with ambiguity. First dedicated security hire? Perfect - you'll set the bar. Nice-to-haves Prior lead-level ownership of SOC2 Type II or ISO 27001 certifications. Demonstrated open-source security contributions, CTF wins, or conference talks. Experience with procurement or fintech data-flows, third-party risk, or
them to specific business outcomes on their timelines. Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Provide insightful technical answers and recommend the most efficient way for customers to … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous - not just a
cross-functional procurement team (including vendor and sourcing specialists). Vendor & Partnership Management Manage complex vendor relationships across hardware, software, cloud, security, and telecom. Oversee vendor compliance with SLA, SOC2, and other applicable frameworks. Maintain partnership requirements (e.g., Microsoft, Dell, Cisco), including certifications and revenue thresholds. Procurement Operations Oversee all procurement lifecycle activities: assessment, process, negotiation, order … Dell, Lenovo). Knowledge of MSP procurement workflows including CPQ, product bundling, licensing renewals, and hardware lifecycle management. Strong negotiation skills across software, SaaS, and hardware agreements. Familiarity with SOC2, and other relevant standards. Advanced Excel and experience with procurement platforms (e.g., ConnectWise Sell, Coupa, etc.). Preferred Experience launching Procurement as a Service or similar resale
track if this doesn't align with what you want to do. Hybrid working - our approach is to be in the office or on client site a minimum of 2 days per week. Work on a broad variety of projects and tech stacks for clients across seven sectors - no project is ever the same Join other experts within our … modeling, security testing) and determining residual risk after applying compensating security controls Experience implementing and demonstrating compliance to security frameworks such as NIST, IEC, HITRUST, HIPAA, GDPR, ISO 27001, SOC2 Type 2 and familiarity working with Quality Management Systems Experience working with teams in a structured software development lifecycle process Excellent interpersonal skills, both written and … the role. Quick call with one of our Tech Recruiters - to discuss your application, the role and PA Round 1: Either a competency or technical interview (60 mins) Round 2: Either a competency or technical interview, whichever you didn't do at first round (60 mins) Final round: Meeting with a PA leader - a mini case study and discussion
won't need experience in all of these areas, their current accreditations are as follows: ISO 9001, 27001, 27701, 27017, 22301, 14001, (phone number removed), 42001, 13485, PCI-DSS, SOC2 Type 2, CE+. The company work on a hybrid model typically involving 2-3 days a week in the office. Examples of responsibilities: Coordination of
Access, Entra ID, and Identity Governance setups Implement Data Loss Prevention (DLP) and sensitivity labels Work with Azure Key Vault and manage encryption and certificate strategies Collaborate with our SOC and managed Sentinel provider on incident handling Compliance & Governance Help ensure compliance with ISO 27001, SOC2, GDPR, and NIS2 Support configuration and monitoring in Microsoft Compliance
technologies like Docker and Kubernetes Knowledge of security best practices for cloud environments (AWS, Azure, GCP) Understanding of security frameworks and compliance standards such as NIST CSF, ISO 27001, SOC2 Excellent communication and collaboration skills, with the ability to work effectively in a fast-paced, agile environment Strong problem-solving skills and a passion for continuous improvement
AWS Certified Security - Specialty). Experience with other cloud platforms (e.g., Azure, GCP). Familiarity with serverless architectures and AWS Lambda. Expertise in compliance standards such as GDPR, HIPAA, SOC2, and ISO 27001. Experience with advanced security practices such as zero-trust architecture, encryption key management, and security incident response. Why Apply? Senior/Lead role with the ability to
Loughton, Essex, South East, United Kingdom Hybrid / WFH Options
Profile 29
Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability assessments, and security scanning to proactively identify … security operations. Desirable Certifications: Azure Security Engineer Associate, CISSP, OSCP (Offensive Security Certified Professional), CCSP, or equivalent. Experience with container security (Docker, Kubernetes). Knowledge of NIST, ISO 27001, SOC2 compliance frameworks. Familiarity with Zero Trust security principles. Other Stuff NB: Please only apply if you are able to work from their Debden (IG10) offices Monday-Friday.
Expertise in cloud architectures (Azure, AWS, or GCP), containerization (Docker/Kubernetes), and hybrid cloud models. Security & Compliance Awareness: Understanding of financial services security frameworks, data privacy regulations (GDPR, SOC2, etc.), and risk management principles. Business & Technology Alignment: Ability to translate business needs into technology solutions, balancing innovation with operational stability. Stakeholder Management: Strong collaboration skills to
Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Operationalize policy enforcement through automated
Able to influence the engineering culture and practices of the teams, works with self-confidence with stakeholders outside of own team as well Drive IAM strategy to support compliance initiatives (e.g. SOC2, HIPAA, GDPR, etc.) Required Experience/Skills: 10+ years in Information Security related positions, with at least 5 years in leadership Bachelor's degree in Computer Science, Information
helping to triage and remediate findings. Security Champion Enablement: Collaborate with engineering teams to build security awareness and develop a network of Security Champions. Incident & Response Readiness: Support Smarsh SOC and security incident response, including root cause analysis and post-mortem reviews for your product(s). Security Compliance & Governance: Ensure alignment with regulatory requirements (SOC2 … Terraform, CloudFormation) and cloud security posture management. Strong understanding of identity & access management (OAuth, OIDC, SAML, JWT) and API security. Knowledge of industry frameworks like NIST, ISO 27001, and SOC 2. Experience driving developer enablement and security training initiatives. Excellent communication and collaboration skills to engage with engineering, product, and leadership teams. Preferred Qualifications Security certifications such as OSCP
ITIL Processes: Knowledge of ITIL processes, particularly asset and configuration management. Compliance Frameworks: Experience working in environments subject to compliance frameworks such as ISO/IEC 27001 or SOC2 is highly valued. Soft Skills: Strong analytical and problem-solving skills, excellent communication and interpersonal skills, and strong leadership and project management skills. What we offer? Competitive … salary commensurate with experience Highly attractive bonus scheme Hybrid model and flexible working with up to 2 days at home Initial 22 days annual leave with future increases, complemented by a flexible buying and selling holiday program Company pension with generous employer contribution Wellbeing Unmind app - puts you in control of your mental health A flexible benefits platform with
observability and predictive analytics to proactively prevent outages. Security, Compliance & Risk Management: Drive zero-trust security frameworks, ensuring secure and resilient network access. Ensure adherence to ISO 27001, NIST, SOC2, GDPR, and industry best practices. Collaborate with cybersecurity teams to enhance network threat detection and mitigation. Implement automated security policy enforcement, reducing human intervention in risk mitigation.
Senior Contract Consultant | Empowering Clients with the Best Cloud & Infrastructure Talent in the UK & Europe Head of IT Long-Term Contract (London/Hybrid) Location: London (3 days onsite, 2 days remote) The Opportunity We are seeking an accomplished Head of IT to lead and deliver strategic IT initiatives for a leading organisation based in London. This long-term … compliance, and risk management. Proven delivery of digital transformation, infrastructure modernization, and change management initiatives. Excellent stakeholder engagement and vendor management capabilities. Knowledge of frameworks: ITIL, ISO 27001, GDPR, SOC2, etc. Certifications preferred: CISSP, CISM, ITIL, TOGAF, PRINCE2. Strong written and verbal communication skills. Contract Length: 1224 months (with possible extension) Location: Central London (Hybrid …
East London, London, United Kingdom Hybrid / WFH Options
A&O Shearman
with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearman's strategy to lead where global complexity creates opportunity. In addition, you will have
TechOps. Responsibilities Security Strategy & Governance - Define and continuously refine the technical security roadmap that aligns with business objectives, industry best practice (e.g., NIST CSF, OWASP SAMM), and compliance frameworks (SOC2, ISO 27001, GDPR). Secure SDLC & DevSecOps - Build and maintain guardrails for static/dynamic analysis, container and IaC scanning, SBOM management, and supply-chain security; automate
secure, scalable cloud infrastructure for our digital health platform. Automate CI/CD pipelines and lead Infrastructure as Code (Terraform, CloudFormation). Implement DevSecOps best practices to meet HIPAA, SOC2, and ISO 27001 requirements. Monitor system performance and availability using CloudWatch, Prometheus, Grafana, and related tooling. Collaborate with engineering, security, and product teams to drive end to