and issue resolution to safeguard delivery success. Create and maintain standard templates, playbooks, and checklists to elevate project discipline. Monitor adherence to ISO/industry standards (e.g., ISO 27001, SOC2, GDPR, etc.) where relevant. Oversee partner-delivered projects, ensuring they adhere to the same quality, methodology, and governance standards as internal delivery. Work closely with Systems Integrators (SIs), consulting partners
Leeds, Yorkshire, United Kingdom Hybrid/Remote Options
Stott and May
Strategy Define and implement the company's security strategy across AI, blockchain, and cloud environments. Establish policies, standards, and governance frameworks aligned with industry best practices (ISO 27001, NIST, SOC2). Lead incident response, risk assessment, and threat modelling programmes. Build and mentor a world-class security team. AI Data Security Protect proprietary AI models, training data, and pipelines from … trust networks. Harden DevSecOps pipelines to ensure secure software delivery. Collaborate with engineering teams to integrate security by design into products. Compliance & Risk Management Ensure regulatory compliance with GDPR, SOC2, ISO, PCI-DSS, and crypto-specific frameworks. Lead risk assessments for third-party vendors and service providers. Work with legal and compliance teams on KYC/AML security for crypto
and vulnerability management practices. Strong knowledge of API security, OAuth, JWT, and API Gateway policies. Experience in security audits, monitoring, and incident remediation. Familiarity with compliance frameworks (e.g., ISO, SOC2, GDPR) is a plus. Hands-on experience with Terraform and Ansible for infrastructure automation. Proven experience with AWS cloud architecture and deploying microservices on ECS/ECR
engineering best practices (e.g. test-driven development, continuous delivery, scrum practices, automation, maintainable and testable code etc.) Strong knowledge of HTTP security is highly desirable Experience with FedRAMP and SOC2 certification is a plus Strong written and verbal communication skills Proactive, self-motivated, and strong ability to learn new things with little guidance Highly organized with critical
usage based pricing. Desirable Experience Familiarity with US privacy frameworks (CCPA/CPRA), EU AI Act, and emerging international AI and consumer regulations. Experience supporting security certifications (ISO 27001, SOC2) and ensuring compliance across AI model lifecycles. Involvement in investment or M&A transactions within the technology or AI sectors. Understanding of AI governance, algorithmic accountability, and
Harden distributed systems (Kafka, Redis, CockroachDB) for global banking workloads Lead our AI-powered SRE approach: observability, remediation, and auto-response Enforce zero-trust, multi-tenant security and compliance (SOC2, ISO 27001) Define IaC foundations (Terraform, GitOps, Helm) What We're Looking For: Expert with Kubernetes and Distributed Systems Experience building production infrastructure at scale (multi-region, high-availability) Extensive
embed quality and compliance controls into their operations Clear, concise written communication and executive risk reporting Strong stakeholder management across technical and non-technical teams Experience with ISO 27001, SOC2, or similar certifications, and familiarity with ISO 9001/22301/14001 as contributing inputs Exposure to model risk governance or validation practices Experience with evidence automation
documentation for public APIs. Familiarity with Azure services and automation tools such as Power Automate or Zapier. Exposure to IoT or Telematics platforms. Awareness of ISO 27001, SOC2, or GDPR compliance frameworks.
City of London, London, United Kingdom Hybrid/Remote Options
Prism Digital
to translate regulatory requirements into practical product and technical implementation. Nice to Have Experience in comparison, fintech or other high-traffic consumer platforms. Exposure to ISO 27001/SOC2 environments. Experience collaborating with security, DevOps or product engineering teams. Why join: Greenfield build: You’re defining the privacy foundation — not inheriting one. Ability to meaningfully influence
Familiarity with Azure services and cloud-based automation tools (e.g., Power Automate, Zapier). Exposure to IoT or Telematics platforms and data handling. Awareness of standards like ISO 27001, SOC2, or GDPR compliance. Salary Range: £45-70k (depending upon experience) Job Type: Hybrid (3 days in office) Why Work at MCS We’re proud recipients of the
Go, Python, or similar. Experience managing production systems with high availability and performance requirements. Excellent communication and stakeholder management skills. Comfortable working in regulated or compliance-heavy environments (e.g., SOC2, PCI, GDPR). WHO WE ARE: Do Your Best Work The opportunity to build in a fast-paced start-up environment with experienced industry leaders A learning environment where you
diligence and fundraising materials. Security, Risk & Compliance Review current security posture and define a regulatory-compliant roadmap across UK/US/CH. Prepare for institutional-grade certifications (e.g. SOC2, ISO 27001) and audits. About you Senior engineering leader (VP/CTO-level) with experience in crypto, digital assets or fintech. Proven track record building and scaling
London, South East, England, United Kingdom Hybrid/Remote Options
RedLaw
Information Security Compliance Analyst Location: Central London (Hybrid, 2 days in office per week) Type: Permanent, Full-time An exciting opportunity for an analytical and detail-oriented Information Security Compliance Analyst to join a growing, dynamic team supporting clients in the legal sector. This role offers broad exposure to information security frameworks, compliance standards, and client advisory work. Key … a motivated individual early in their career, possibly from a technical support, legal, or professional services background. Candidates should have: A foundational understanding of information security frameworks (ISO 27001, SOC2, Cyber Essentials). Strong written communication and organisational skills. Interest in risk, compliance, and information security. A relevant certification (or willingness to obtain one), such as ISO
london, south east england, united kingdom Hybrid/Remote Options
Vanta
by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous—not just a
modelling. Security Operations (SOC): Overseeing monitoring, incident response, vulnerability management, and operational resilience. Governance, Risk & Compliance (GRC): Leading our efforts to achieve and maintain compliance with PCI, GDPR, SOC2, and ISO27001. Vendor Security: Spearheading due diligence and monitoring of third parties, integrated with our Vendor Governance Forum. Policies & Assurance: Defining and enforcing security standards, collaborating with IT Ops and … have deep experience overseeing a Security Operations function, managing monitoring, incident response, and vulnerability management. Driving GRC: You're an expert in managing compliance frameworks such as PCI, GDPR, SOC2, and ISO 27001, and you're skilled at preparing for audits. Vendor Security: You have led vendor security analysis, including due diligence and ongoing monitoring. Collaboration & Execution: You can define
london, south east england, united kingdom Hybrid/Remote Options
PCI Pal
maintaining, and maturing the already established audit lifecycles for the following frameworks: PCI DSS v4.0, ISO 27001:2022, ISO 9001:2015, ISO 14001:2015, Cyber Essentials, Cyber Essentials Plus, SOC2 Type 1 – 3 & HIPAA Working in close collaboration with other team members, with peers, and across the business to ensure that mandatory and audit defined GRC requirements are effectively managed … Be a subject matter expert level knowledge of all the Information Security frameworks (as listed within the You Will be Responsible For section), e.g. PCI DSS, ISO 27001:2022, SOC2 etc. Possess a good, and demonstrable, understanding of EU/UK GDPR and the Data Protection Act 2018 etc. Have led and managed audit programmes from inception to completion for … PCI DSS and ISO 27001:2022. Experience in managing SOC2 audit requirements is highly desirable Any experience of working with CSA CCM v4.0 and associated cloud security frameworks is highly desirable. Have excellent knowledge of the principles of risk management, associated processes, and their relevance to maintaining a GRC programme. Are a strong and proactive collaborator with a positive professional
regional regulatory requirements. Own security GRC automation tooling (Vanta) and work across the business to maintain security compliance posture. Successfully lead internal and external security audits - ISO 27001/SOC2 Type II/PCI DSS. Champion a company wide culture of security awareness and operational resilience by playing a key role in defining, maintaining, and managing security incident response and … research effectively to find the missing details. ISO 27001 et al - You have built and maintained an ISO 27001 certified ISMS before and led other important security audit assessments (SOC2, PCI, etc.). You may have also gained ISO 27001 Lead Auditor or alike certifications (a plus). Collaborator Extraordinaire - Strong communications skills with the ability to explain technical and … frameworks Flexibility surrounding other commitments; within your team we will work around child care or other appointments you have. We just ask for advance notice! For those London Based 2-3 days per week in office Working in a diverse and inclusive environment where we ensure that our people thrive Navro does not accept unsolicited resumes from search firms
detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). Technology Microsoft Azure Infrastructure design and administration, including topology, Azure networking, services, and component knowledge Microsoft AD (Entra), Server and SQL experience O365 administration and design Microsoft … Exchange, SharePoint, Teams), Azure cloud infrastructure, and security tools such as Microsoft Defender and Sentinel Security & Compliance: Deep knowledge of security frameworks (ISO 27001, NIST, CIS), compliance requirements (GDPR, SOC2), and risk management best practices Summary Problem-Solving & Decision-Making: Capable of making informed decisions and resolving complex IT issues in a fast-paced environment. Stakeholder Engagement: Ability to communicate
Cyber Security Analyst Milton Keynes – hybrid (2 days and then 3 days in the office rotating weekly) Up to £60,000, 10% annual bonus and excellent benefits. Our client is an impressive, innovative, multiple award-winning, leading IT Managed Service Provider; they believe great people build great companies and invest heavily in staff development, cultivating a culture of innovation … a hands-on, operationally focused role that blends technical security responsibilities with governance, risk, and compliance (GRC) elements. As Cyber Security Analyst, you will: Lead cyber incident investigations with SOC and client teams Triage and analyse alerts across email, cloud, and hybrid systems Perform threat hunting and develop detection use cases Manage vulnerability assessments and remediation efforts Maintain and … role. Hands-on experience with the Microsoft Security Stack and other leading security tools. Familiarity with network and application firewalls. Working knowledge of security frameworks such as ISO27001, NIST, SOC2, and Cyber Essentials Plus. Experience with Privileged Access Management tools (e.g., CyberArk, Entra, SailPoint). Ability to quickly learn and adapt to new security tools and technologies.