Remote Permanent SOC 2 Jobs

1 to 25 of 64 Remote Permanent SOC 2 Jobs

Cyber Security Risk Manager

Edinburgh, City of Edinburgh, United Kingdom
Hybrid / WFH Options
Cathcart Technology
clear visibility of its cyber risk exposure and the processes in place to respond effectively. You will oversee the enterprise risk register, manage the risk exception process, and drive SOC 2 readiness initiatives. Partnering with IT, architecture, SRE, and procurement teams, you'll translate complex technical risks into actionable business decisions and provide senior leaders with clear, data … driven insights. You will also align the company with leading industry frameworks such as NIST CSF, NIST 800 53, and SOC 2, helping advance its risk maturity. What You'll Be Doing ** Lead and continuously improve the cyber risk management program, including oversight of the enterprise risk register. ** Manage risk exceptions and ensure timely review, tracking, and remediation … of risks. ** Drive SOC 2 readiness activities and collaborate with auditors and internal stakeholders to ensure compliance. ** Develop and enforce cybersecurity governance policies, standards, and procedures aligned with industry frameworks. ** Work with IT, SRE, Architecture, and Procurement teams to identify, assess, and mitigate technology and third party risks. ** Provide clear, actionable reporting and metrics to senior leadership, translating
Employment Type: Permanent
Salary: £70000/annum

Cyber Security Risk Manager

Edinburgh, Midlothian, Scotland, United Kingdom
Hybrid / WFH Options
Cathcart Technology
clear visibility of its cyber risk exposure and the processes in place to respond effectively. You will oversee the enterprise risk register, manage the risk exception process, and drive SOC 2 readiness initiatives. Partnering with IT, architecture, SRE, and procurement teams, you'll translate complex technical risks into actionable business decisions and provide senior leaders with clear, data … driven insights. You will also align the company with leading industry frameworks such as NIST CSF, NIST 800 53, and SOC 2, helping advance its risk maturity. What You'll Be Doing ** Lead and continuously improve the cyber risk management program, including oversight of the enterprise risk register. ** Manage risk exceptions and ensure timely review, tracking, and remediation … of risks. ** Drive SOC 2 readiness activities and collaborate with auditors and internal stakeholders to ensure compliance. ** Develop and enforce cybersecurity governance policies, standards, and procedures aligned with industry frameworks. ** Work with IT, SRE, Architecture, and Procurement teams to identify, assess, and mitigate technology and third party risks. ** Provide clear, actionable reporting and metrics to senior leadership, translating
Employment Type: Permanent, Work From Home
Salary: £70,000

Security Engineer - Cloud / Soc 2 / ISO 27001

Knutsford, Cheshire, United Kingdom
Hybrid / WFH Options
Applause IT Recruitment Ltd
take ownership of day-to-day security operations, implement and refine controls, and play a hands-on role in ensuring compliance with recognised standards such as ISO 27001 and SOC 2 Type II. This is a visible and strategic position - ideal for someone who enjoys combining technical depth with governance, audit, and risk management responsibilities. Key Responsibilities Develop … Implement and manage controls across cloud and on-premises environments (Azure/AWS preferred). Lead incident response processes and investigations, coordinating remediation actions. Support compliance programmes - ISO 27001, SOC 2 Type II, and data-protection (GDPR). Deliver regular security reporting and KPI tracking for senior leadership. Drive security awareness training and best practice across the wider … team. What You'll Bring 5+ years' experience in information security, risk, or compliance roles. Strong understanding of ISMS principles (ISO 27001) and audit support for SOC 2 Type II. Hands-on experience with security tools and controls - SIEM, IAM/PAM, endpoint protection, vulnerability management. Working knowledge of data-protection and privacy standards (GDPR, HIPAA). Excellent
Employment Type: Permanent
Salary: £65000 - £80000/annum + Benefits

Cyber Security Assurance Manager

Portsmouth, Hampshire, England, United Kingdom
Hybrid / WFH Options
Computappoint
Salary: Up to £65,000 Employment Type: Permanent Job Summary: Our client, a leading IT services and consulting firm, is seeking a Cyber Security Assurance Manager to ensure their SOC meets and maintains … top security certifications and assurance standards. As part of the GRC function, you’ll lead customer assurance activities, manage external audits, and oversee key certifications such as ISO 27001, SOC2 Type II, Cyber Essentials Plus, and CREST SOC accreditation. Key Responsibilities: Act as primary contact for customer assurance activities, supporting RFIs, RFPs, and client audit requests Deliver training and … awareness sessions on SOC assurance standards to internal teams Develop customer-facing assurance documentation demonstrating the organisation's security posture Lead the delivery and ongoing maintenance of SOC-related certifications (SOC 2 Type II, SOC 3, ISO/IEC 27001, Cyber Essentials Plus, CREST) Embed certification requirements into SOC governance, processes, and operational practices
Employment Type: Full-Time
Salary: Salary negotiable

🌍 Information/Cyber Security Engineer – Lead the Future of Cyber, Governance & Digital Health Innovation 🌍

United Kingdom
Hybrid / WFH Options
Areti Group | B Corp™
Information/Cyber Security Engineer – Lead the Future of Cyber, Governance & Digital Health Innovation 🌍 Location: Remote-first (Bristol, Bournemouth, London offices – 1–2 days a month onsite) Salary: Up to £75,000 + Private Healthcare + Amazing Holidays + Pension + Birthday Off Reporting to: The CTO (a visionary leader shaping the future of digital health) Interviews: This week … Vulnerability Management – Proactively identify, assess, and mitigate risks. 🌳 ISMS Ownership – Lead and maintain the Information Security Management System end-to-end. 🌳 Certifications & Compliance – Drive ISO 27001, Cyber Essentials Plus & SOC 2 readiness, certification, and ongoing compliance. 🌳 Incident Response Leadership – Build, refine, and lead incident response & security operations. 🌳 Security Culture & Training – Develop training programs and foster a culture of … spotting trends to inform leadership decisions. 🌳 Stakeholder Partnership – Be the security conscience for internal & external teams, giving clear, actionable guidance. Key Deliverables 🌳 ISO 27001 & Cyber Essentials Plus certification & recertification 🌳 SOC 2 Type I & Type II readiness & audits 🌳 Up-to-date security risk register & treatment plans 🌳 Regular internal security audits & training completion metrics 🌳 Security policies reviewed & refreshed annually (or

Information/Cyber Security Engineer Lead the Future of Cyber, Governance & Digital Health Innovation

Guernsey, UK
Hybrid / WFH Options
Areti Group | B Corp
Vulnerability Management Proactively identify, assess, and mitigate risks. ISMS Ownership Lead and maintain the Information Security Management System end-to-end. Certifications & Compliance Drive ISO 27001, Cyber Essentials Plus & SOC 2 readiness, certification, and ongoing compliance. Incident Response Leadership Build, refine, and lead incident response & security operations. Security Culture & Training Develop training programs and foster a culture of … spotting trends to inform leadership decisions. Stakeholder Partnership Be the security conscience for internal & external teams, giving clear, actionable guidance. Key Deliverables ISO 27001 & Cyber Essentials Plus certification & recertification SOC 2 Type I & Type II readiness & audits Up-to-date security risk register & treatment plans Regular internal security audits & training completion metrics Security policies reviewed & refreshed annually (or … red tape, just real impact and rapid results We're Looking For Someone Who Lives & breathes information security, governance, and cyber best practice Knows ISO 27001, Cyber Essentials Plus, and SOC 2 inside out Can design & deliver incident response, security ops, and security awareness programs that people actually use Is comfortable being the security point person across product, engineering
Employment Type: Part-time

Information Security Manager

Leeds, West Yorkshire, England, United Kingdom
Hybrid / WFH Options
4Square Recruitment Ltd
external pen-test liaison) and two GRC specialists. What you’ll do Drive and extend ISO 27001 implementation/maintenance (UK certified; expanding to Madrid and Manila). Support SOC 2 Type 2 maintenance (already accredited)—expert level not required. Oversee SIEM operations with the tech team: ensure log ingestion/coverage, daily monitoring, and follow-up. … GRC grounding plus solid technical understanding (AWS-heavy environment). Comfortable being hands-on where needed; people management nice-to-have, not essential. ISO 27001 (implementation/assurance) experience; SOC 2 exposure helpful. SIEM familiarity and the ability to work with engineers on coverage, tuning, and use-cases. Stakeholder-savvy; calm under pressure; excellent written/verbal
Employment Type: Part-Time
Salary: £50,000 - £70,000 per annum

Information Security Compliance Analyst

Birmingham, West Midlands, United Kingdom
Hybrid / WFH Options
Hays
the global information security compliance program. Conduct internal audits, third-party risk assessments, and due diligence reviews. Ensure alignment with regulatory and industry standards including ISO27001, NIST, SOX, GDPR, SOC 2, HIPAA, CCPA, LGPD. Collaborate with cross-functional teams across multiple jurisdictions to drive compliance initiatives. Identify gaps in security controls and recommend corrective actions. Maintain and update … information security compliance, risk management, and audit. Strong understanding of international regulatory frameworks and standards. Hands-on experience with: ISO27001 audits and implementation GDPR compliance NIST cybersecurity framework SOX, SOC 2, HIPAA, CCPA, LGPD Ability to interpret complex regulatory requirements and translate them into actionable controls. Excellent communication and stakeholder engagement skills. Strong analytical and problem-solving capabilities.
Employment Type: Permanent, Work From Home
Salary: £55,000

DACH Customer Success Manager, SMB - EMEA

England, United Kingdom
Hybrid / WFH Options
Vanta Inc
them to specific business outcomes on their timelines. Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC 2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Provide insightful technical answers and recommend the most efficient way for customers to … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous-not just a
Employment Type: Permanent
Salary: GBP Annual

Cyber Security Assurance Manager

Portsmouth, Hampshire, South East, United Kingdom
Hybrid / WFH Options
Robert Half
the Way in Cyber Security Assurance? Robert Half are seeking a dynamic, proactive, and experienced Cyber Security Assurance Manager to join a globally-scaled, fast-paced Security Operations Centre (SOC) environment. In this crucial role, you will ensure that the SOC maintains its commitment to best-in-class standards through internationally recognised security certifications and industry-wide assurance … member in Governance, Risk, and Compliance (GRC), you will lead certification efforts, influence operational processes, and engage directly with customers and auditors to showcase security credentials that differentiate our SOC from the competition. If you're skilled in blending technical insight with customer-focused communication … while driving compliance excellence, this opportunity is for you! What We're Looking For: Qualifications and Experience: Proven experience delivering and managing cybersecurity certifications (e.g., ISO/IEC 27001, SOC2 Type II, Cyber Essentials Plus, CREST). A strong understanding of SOC operations and security assurance frameworks. Experience engaging with customers during audits and RFP/RFI processes, showcasing
Employment Type: Permanent, Work From Home

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

New York, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

Philadelphia, Pennsylvania, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

Richmond, Virginia, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

Wilmington, Delaware, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

Dallas, Texas, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

Cambridge, Massachusetts, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

Atlanta, Georgia, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

Boston, Massachusetts, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

Washington, Washington DC, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

Plano, Texas, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

Chicago, Illinois, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote)

McLean, Virginia, United States
Hybrid / WFH Options
Capital One
providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence
Employment Type: Permanent
Salary: USD Annual

Director, Enterprise & Network Security

England, United Kingdom
Hybrid / WFH Options
Expereo
key customers. Lead and mentor cross-functional security teams (Enterprise IT SecOps, Cloud Security, Network Security, Compliance, Identity). Oversee global security policies, risk management, and regulatory alignment (ISO27001, SOC2, GDPR, NIS2/DORA, Telecom-specific regulations). Ensure security is embedded in product/service lifecycles (Internet access, SD-WAN, SASE, NaaS) and that they are secure by design … with credibility at executive, technical, and regulatory levels; with customer-focused mindset with emphasis on trust, resilience, and service assurance. Information Security & Compliance Expertise: Deep knowledge of ISO 27001, SOC 2 Type II, NIS2, and DORA regulations, with experience leading audits and closing compliance gaps. Security Architecture & Engineering: Proficiency in secure SDLC practices, application security tooling (SAST/
Employment Type: Permanent
Salary: GBP Annual

Cybersecurity & Cloud Security Specialists / Cyber Security Architects (x2)

Guernsey, UK
Hybrid / WFH Options
Areti Group | B Corp
Lead enterprise-wide vulnerability assessments, remediation programmes, and Breach and Attack Simulation (BAS) exercises for proactive threat mitigation. Compliance & Third-Party Security: Ensure adherence to PCI DSS, ISO 27001, SOC 2, and perform rigorous third-party security risk assessments. Secure Software Development (SDLC): Embed secure coding practices into development lifecycles, enabling DevSecOps and automation-first security strategies. Cross
Employment Type: Part-time

🌳Cybersecurity & Cloud Security Specialists / Cyber Security Architects (x2)🌳

United Kingdom
Hybrid / WFH Options
Areti Group | B Corp™
Lead enterprise-wide vulnerability assessments, remediation programmes, and Breach and Attack Simulation (BAS) exercises for proactive threat mitigation. 🌳 Compliance & Third-Party Security: Ensure adherence to PCI DSS, ISO 27001, SOC 2, and perform rigorous third-party security risk assessments. 🌳 Secure Software Development (SDLC): Embed secure coding practices into development lifecycles, enabling DevSecOps and automation-first security strategies. 🌳 Cross

SOC 2, Work from Home
10th Percentile: £52,500
25th Percentile: £61,875
Median: £85,000
75th Percentile: £92,500
90th Percentile: £100,000