SOC 2 Jobs in the UK

1 to 25 of 185 SOC 2 Jobs in the UK

Compliance Lead

London, United Kingdom
Ravio Technologies Ltd
contract negotiation and general commercial legal work. You will play a key role in helping the business stay compliant with relevant laws and standards, including oversight of our SOC 2 compliance processes, while also helping to drive practical legal solutions across the business. Key Responsibilities: Compliance & Risk Management Lead or support internal compliance programs, with a focus … on data privacy, corporate governance, and regulatory frameworks. Oversee SOC 2 Type II maintenance and readiness efforts. Conduct internal training sessions on legal and compliance topics. Legal & Commercial Support Advise on data protection and privacy issues (e.g. GDPR, CCPA) and support implementation of related policies and procedures. Draft, review, and negotiate a wide range of commercial contracts (e.g. … incl. collaborating on matters requiring specialist support, managing costs, etc). About You: Experience & Qualifications Strong working knowledge of global data privacy laws and compliance standards (e.g. GDPR, CCPA, SOC 2). Demonstrated experience reviewing and negotiating commercial agreements. Skills & Traits You enjoy data privacy, compliance and operational legal work and are happy to "roll up your sleeves
Employment Type: Permanent
Salary: GBP Annual

Senior Security Engineer - Application & Product Security

England, United Kingdom
Cerebras
AppSec tooling (SAST, DAST, SCA), and build developer enablement programs. You'll also be responsible for vulnerability management, incident response for application-layer events, and ensuring compliance alignment for SOC 2, ISO 27001, and privacy requirements. This role blends offensive and defensive expertise with strategic influence, giving you the autonomy to shape a scalable, modern AppSec program. Responsibilities … ensure timely resolution. Incident Response Leadership Lead investigations for application-layer security incidents and conduct post-incident analysis. Compliance Enablement Support audits, technical evidence collection, and control design for SOC 2, ISO 27001, and privacy-by-design requirements. Customer Trust Contribute to customer security assessments, penetration test reports, and security documentation. Requirements: 7+ years of experience in a … Strong programming and scripting skills (Python preferred) and ability to influence secure coding practices. Proven ability to lead incident response for application-layer security events. Familiarity with compliance frameworks (SOC 2, ISO 27001) and secure SDLC practices. Knowledge of privacy-by-design principles and data security in SaaS environments. Awareness of emerging AI/ML security risks and
Employment Type: Permanent
Salary: GBP Annual

Trust Operations Analyst Europe; London; UK

London, United Kingdom
Hybrid / WFH Options
synthesia.io
You'll help us keep Synthesia secure and audit-ready by supporting our internal and external trust operation efforts. This includes working with standards like ISO 27001, ISO 42001, SOC 2 and CSA STAR, while also interfacing with customers where necessary. In short, everything that is necessary to earn and maintain customer trust in our security and privacy. … and others to keep us all aligned Getting involved in risk assessments and tracking mitigation efforts Keep us on track and aligned with various frameworks (ISO 27001, ISO 42001, SOC 2, etc.) Exploring other certifications and frameworks as the business evolves We'd love to hear from you if you: Are comfortable navigating technical concepts and asking insightful … growing startup or SaaS company Have supported or participated in an external audit before Work and incorporated AI into your work habits Have experience with frameworks like ISO 27001, SOC 2, or ISO 42001 Have used compliance tools like Vanta, Drata, or similar platforms Know what Okta, Wiz, and GitHub are Our culture At Synthesia we're passionate
Employment Type: Permanent
Salary: GBP Annual

Chief Information Security Officer

London, United Kingdom
Fuse Energy, LLC
risks, regulatory exposure, and investment priorities to support long-term growth. Governance & Compliance Own company-wide security governance, including data protection, access control, and insider risk. Ensure compliance with SOC 2, ISO 27001, GDPR, and other relevant frameworks. Oversee security audits and third-party risk programs. Risk Management & Threat Intelligence Lead threat modelling, risk assessments, and security reviews … Deep understanding of cloud security (especially AWS), application security, and modern DevSecOps. Proven experience securing systems involving digital assets, cryptographic components, or distributed infrastructure. Strong grasp of regulatory frameworks: SOC 2, ISO 27001, GDPR, NIST, etc. Background in threat modeling, incident response, and risk management. Excellent leadership, communication, and stakeholder skills. Bachelor's or advanced degree in Computer
Employment Type: Permanent
Salary: GBP Annual

Information Security Risk & Compliance Specialist

London, United Kingdom
Cyberark Software
responses to customer security audits and assurance inquiries. Monitor regulatory changes and contribute to compliance initiatives such as DORA, NIS2, and other applicable standards and frameworks (e.g., ISO 27001, SOC 2, GDPR). Assist in the development, maintenance, and improvement of internal GRC processes, policies, and documentation. Collaborate with cross-functional teams (Security, Legal, IT, Product, etc.) to … related field. Experience supporting sales processes, including responding to RFx security assessments. Solid understanding of cybersecurity principles, information security best practices, and regulatory requirements (DORA, NIS2, GDPR, ISO 27001, SOC 2, etc.). Excellent written and verbal communication skills; able to translate technical concepts for non-technical audiences. Strong organizational skills with the ability to manage multiple priorities
Employment Type: Permanent
Salary: GBP Annual

Security Operations Engineer

England, United Kingdom
Hybrid / WFH Options
Oak Engage limited
work closely with engineering and compliance teams to ensure our systems are secure by design, resilient to threats, and aligned with best-in-class standards (including ISO 27001 and SOC 2). You'll play a key role in monitoring, incident response, vulnerability management, and secure DevOps practices, helping us maintain customer trust and regulatory compliance as we … native environments Proficiency in security monitoring tools such as SIEM, EDR, vulnerability management tools, and log aggregation platforms Strong knowledge of security frameworks, standards, and best practices (ISO 27001, SOC 2, GDPR) Proven incident response, threat detection, and investigation experience Experience with cloud platforms (preferably Azure), identity & access management, and secure networking Scripting or automation experience (e.g. PowerShell
Employment Type: Permanent
Salary: GBP Annual

Principal Application Security Architect

United Kingdom
Hybrid / WFH Options
Barclay Simpson
in secure coding practices to reduce vulnerabilities proactively. Governance, Compliance & Training Ensure that application security architecture and practices comply with relevant regulatory and industry standards such as PCI-DSS, SOC 2, ISO 27001, and GDPR. Lead efforts to prepare for and support external and internal audits by providing comprehensive documentation, risk assessments, and remediation evidence. Develop and deliver … identity management. Proficient in at least one programming or scripting language such as Python, Java, JavaScript, or Go. Solid understanding of FinTech compliance requirements and standards including PCI-DSS, SOC 2, GDPR, and ISO 27001. Excellent communication and collaboration skills, capable of working with diverse teams and stakeholders. Nice to Have Industry certifications such as Certified Secure Software
Employment Type: Permanent
Salary: GBP Annual

Customer Success Associate

London, United Kingdom
Hybrid / WFH Options
Vanta
driven decisions to enhance customer outcomes. Develop a deep understanding of Vanta's platform and its applications, advising customers on how to optimize their use of our compliance offerings (SOC 2, ISO 27001, GDPR, HIPAA, USDP, Custom Frameworks), Trust Reports, and Risk Management solutions. Partner closely with your Scale CSA team to co-develop and execute plays that … inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous, not just a
Employment Type: Permanent
Salary: GBP Annual

Senior Security Engineer

London, United Kingdom
Omnea Limited
/DAST, IaC scanning, secure coding standards and threat-modeling into every stage of our CI/CD pipeline. Own compliance & audits. Run our Vanta instance end-to-end (SOC 2 Type II, ISO 27001, GDPR, etc.) and coordinate third-party pen tests, evidence gathering and policy reviews. Enable revenue. Partner with Sales & Customer Success to answer security … document best practices, and keep calm during incidents. Comfort with ambiguity. First dedicated security hire? Perfect, you'll set the bar. Nice-to-haves Prior lead-level ownership of SOC 2 Type II or ISO 27001 certifications. Demonstrated open-source security contributions, CTF wins, or conference talks. Experience with procurement or fintech data-flows, third-party risk, or
Employment Type: Permanent
Salary: GBP Annual

Senior Platform Engineer

London, United Kingdom
Omnea Limited
/DAST, IaC scanning, secure coding standards and threat-modeling into every stage of our CI/CD pipeline. Own compliance & audits. Run our Vanta instance end-to-end (SOC 2 Type II, ISO 27001, GDPR, etc.) and coordinate third-party pen tests, evidence gathering and policy reviews. Enable revenue. Partner with Sales & Customer Success to answer security … document best practices, and keep calm during incidents. Comfort with ambiguity. First dedicated security hire? Perfect, you'll set the bar. Nice-to-haves Prior lead-level ownership of SOC 2 Type II or ISO 27001 certifications. Demonstrated open-source security contributions, CTF wins, or conference talks. Experience with procurement or fintech data-flows, third-party risk, or
Employment Type: Permanent
Salary: GBP Annual

Customer Success Manager - EMEA

London, United Kingdom
Hybrid / WFH Options
Vanta Inc
them to specific business outcomes on their timelines. Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC 2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Provide insightful technical answers and recommend the most efficient way for customers to … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous, not just a
Employment Type: Permanent
Salary: GBP Annual

French Customer Success Manager

London, United Kingdom
Hybrid / WFH Options
Vanta Inc
and expansion opportunities within your book of business Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC 2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Guide implementation, configuration, and optimization of Vanta Trust Management Platform Provide professional advice … inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous, not just a
Employment Type: Permanent
Salary: GBP Annual

DACH Customer Success Manager

London, United Kingdom
Vanta Inc
and expansion opportunities within your book of business Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC 2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Guide implementation, configuration, and optimization of Vanta Trust Management Platform Provide professional advice … inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous, not just a
Employment Type: Permanent
Salary: GBP Annual

IT Helpdesk Support

Scotland, United Kingdom
Hybrid / WFH Options
Tactiq
Oversee the patch management process across Windows and macOS devices, ensuring machines are secure and compliant. Track inventory and maintain accurate asset records in alignment with lifecycle policy and SOC 2 controls. Create and manage user accounts for common software (e.g., Office 365, Google Workspace) and monitor license usage/costs. Experience with Active Directory for user account … independently in both on-site and remote settings. Preferred Experience Experience supporting distributed teams in a hybrid/remote-first environment. Experience working in environments preparing for or maintaining SOC 2 compliance. Education & Certifications 4-year college degree in a related field, or equivalent practical experience. A+ Certification or similar (CompTIA, MTA, etc.) strongly preferred. At Tactiq, we
Employment Type: Permanent
Salary: GBP Annual

Associate Director, Procurement

London, United Kingdom
Atlas Technica LLC
cross-functional procurement team (including vendor and sourcing specialists). Vendor & Partnership Management Manage complex vendor relationships across hardware, software, cloud, security, and telecom. Oversee vendor compliance with SLA, SOC 2, and other applicable frameworks. Maintain partnership requirements (e.g., Microsoft, Dell, Cisco), including certifications and revenue thresholds. Procurement Operations Oversee all procurement lifecycle activities: assessment, process, negotiation, order … Dell, Lenovo). Knowledge of MSP procurement workflows including CPQ, product bundling, licensing renewals, and hardware lifecycle management. Strong negotiation skills across software, SaaS, and hardware agreements. Familiarity with SOC 2, and other relevant standards. Advanced Excel and experience with procurement platforms (e.g., ConnectWise Sell, Coupa, etc.). Preferred Experience launching Procurement as a Service or similar resale
Employment Type: Permanent
Salary: GBP Annual

Product Security Specialist

London, United Kingdom
Hybrid / WFH Options
Astro Studios, Inc
track if this doesn't align with what you want to do. Hybrid working - our approach is to be in the office or on client site a minimum of 2 days per week. Work on a broad variety of projects and tech stacks for clients across seven sectors - no project is ever the same Join other experts within our … modeling, security testing) and determining residual risk after applying compensating security controls Experience implementing and demonstrating compliance to security frameworks such as NIST, IEC, HITRUST, HIPAA, GDPR, ISO 27001, SOC 2 Type 2 and familiarity working with Quality Management Systems Experience working with teams in a structured software development lifecycle process Excellent interpersonal skills, both written and … the role. Quick call with one of our Tech Recruiters - to discuss your application, the role and PA Round 1: Either a competency or technical interview (60 mins) Round 2: Either a competency or technical interview, whichever you didn't do at first round (60 mins) Final round: Meeting with a PA leader - a mini case study and discussion
Employment Type: Permanent
Salary: GBP Annual

Quality & Compliance Specialist

Bracknell, Berkshire, United Kingdom
Spectrum IT Recruitment
won't need experience in all of these areas, their current accreditations are as follows: ISO 9001, 27001, 27701, 27017, 22301, 14001, (phone number removed), 42001, 13485, PCI-DSS, SOC 2 Type 2, CE+. The company work on a hybrid model typically involving 2-3 days a week in the office. Examples of responsibilities: Coordination of
Employment Type: Permanent
Salary: £50000 - £60000/annum

Senior Security Azure Engineer

London, United Kingdom
Hybrid / WFH Options
With Intelligence Ltd
Access, Entra ID, and Identity Governance setups Implement Data Loss Prevention (DLP) and sensitivity labels Work with Azure Key Vault and manage encryption and certificate strategies Collaborate with our SOC and managed Sentinel provider on incident handling Compliance & Governance Help ensure compliance with ISO 27001, SOC 2, GDPR, and NIS2 Support configuration and monitoring in Microsoft Compliance
Employment Type: Permanent
Salary: GBP Annual

Infrastructure Engineer

London, United Kingdom
Hybrid / WFH Options
Keyrock
Develop comprehensive monitoring solutions using Prometheus, Grafana, ELK stack, or similar tools to improve system reliability. Security & Compliance: Apply best practices for cloud security, IAM policies, and compliance frameworks (SOC2, ISO 27001, etc.). Incident Response & Performance Optimization: Troubleshoot issues, perform root cause analysis, and implement fixes to optimize performance. Infrastructure as Code (IaC): Utilize Terraform, Ansible, or similar tools
Employment Type: Permanent
Salary: GBP Annual

DevSecOps Engineer - ONSITE

Loughton, Essex, South East, United Kingdom
Hybrid / WFH Options
Profile 29
Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability assessments, and security scanning to proactively identify … security operations. Desirable Certifications: Azure Security Engineer Associate, CISSP, OSCP (Offensive Security Certified Professional), CCSP, or equivalent. Experience with container security (Docker, Kubernetes). Knowledge of NIST, ISO 27001, SOC 2 compliance frameworks. Familiarity with Zero Trust security principles. Other Stuff NB: Please only apply if you are able to work from their Debden (IG10) offices Monday-Friday.
Employment Type: Permanent, Work From Home

Enterprise Solution Architect - 6 month FTC (London)

London, UK
Aztec
Expertise in cloud architectures (Azure, AWS, or GCP), containerization (Docker/Kubernetes), and hybrid cloud models. Security & Compliance Awareness: Understanding of financial services security frameworks, data privacy regulations (GDPR, SOC 2, etc.), and risk management principles. Business & Technology Alignment: Ability to translate business needs into technology solutions, balancing innovation with operational stability. Stakeholder Management: Strong collaboration skills to
Employment Type: Full-time

Lead Application Security Engineer

London, United Kingdom
Point72 Asset Management, L.P
technologies like Docker and Kubernetes Knowledge of security best practices for cloud environments (AWS, Azure, GCP) Understanding of security frameworks and compliance standards such as NIST CSF, ISO 27001, SOC 2 Excellent communication and collaboration skills, with the ability to work effectively in a fast-paced, agile environment Strong problem-solving skills and a passion for continuous improvement
Employment Type: Permanent
Salary: GBP Annual

Lead Solution Architect

London, United Kingdom
Identity E2E Ltd
AWS Certified Security - Specialty). Experience with other cloud platforms (e.g., Azure, GCP). Familiarity with serverless architectures and AWS Lambda. Expertise in compliance standards such as GDPR, HIPAA, SOC2, and ISO 27001. Experience with advanced security practices such as zero-trust architecture, encryption key management, and security incident response. Why Apply? Senior/Lead role with the ability to
Employment Type: Permanent
Salary: GBP Annual

Global IT Security Platform Senior Director (London)

London, UK
Boston Consulting Group
Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC 2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Operationalize policy enforcement through automated
Employment Type: Full-time
Posted:

Global Platform Team Lead and Senior Director - IT Network

London, United Kingdom
Boston Consulting Group
observability and predictive analytics to proactively prevent outages. Security, Compliance & Risk Management: Drive zero-trust security frameworks, ensuring secure and resilient network access. Ensure adherence to ISO 27001, NIST, SOC 2, GDPR, and industry best practices. Collaborate with cybersecurity teams to enhance network threat detection and mitigation. Implement automated security policy enforcement, reducing human intervention in risk mitigation.
Employment Type: Permanent
Salary: GBP Annual

SOC 2

10th Percentile: £53,750
25th Percentile: £69,063
Median: £85,000
75th Percentile: £95,938
90th Percentile: £107,500