Edinburgh, City of Edinburgh, United Kingdom Hybrid / WFH Options
Cathcart Technology
clear visibility of its cyber risk exposure and the processes in place to respond effectively. You will oversee the enterprise risk register, manage the risk exception process, and drive SOC2 readiness initiatives. Partnering with IT, architecture, SRE, and procurement teams, you'll translate complex technical risks into actionable business decisions and provide senior leaders with clear, data … driven insights. You will also align the company with leading industry frameworks such as NIST CSF, NIST 800-53, and SOC2, helping advance its risk maturity. What You'll Be Doing ** Lead and continuously improve the cyber risk management program, including oversight of the enterprise risk register. ** Manage risk exceptions and ensure timely review, tracking, and remediation … of risks. ** Drive SOC2 readiness activities and collaborate with auditors and internal stakeholders to ensure compliance. ** Develop and enforce cybersecurity governance policies, standards, and procedures aligned with industry frameworks. ** Work with IT, SRE, Architecture, and Procurement teams to identify, assess, and mitigate technology and third party risks. ** Provide clear, actionable reporting and metrics to senior leadership, translating More ❯
Risk & Compliance Analyst - ISO 27001, SOC2, GDPR Location: Knutsford (Cheshire) | Office-based Salary: £35,000 - £45,000 DOE + benefits About the Role We're supporting a fast-growing technology company that delivers secure, cloud-based platforms to highly regulated enterprise clients. They're looking for a Risk & Compliance Officer/Analyst to play a key part … in maintaining and improving their information-security and compliance frameworks. Working closely with senior leadership, you'll help ensure the business remains compliant with standards such as ISO 27001, SOC2 Type II, and GDPR, while building a culture of risk awareness and continuous improvement. Key Responsibilities Maintain and develop compliance policies, standards, and frameworks across the organisation. … Support internal and external audits for ISO 27001, SOC2, and data-protection regulations. Conduct regular risk assessments and contribute to risk treatment plans. Monitor compliance KPIs, prepare monthly status reports, and present findings to senior stakeholders. Review vendor and third-party compliance, ensuring contractual and regulatory obligations are met. Deliver compliance awareness and training across teams. Provide More ❯
Portsmouth, England, United Kingdom Hybrid / WFH Options
Franklin Fitch
Overview An exciting opportunity has arisen for an experienced Cyber Security Assurance Manager to take ownership of security certifications, audits, and assurance standards for a leading Security Operations Centre (SOC) environment. This role will focus on delivering and maintaining key certifications such as ISO/IEC 27001, SOC2 Type II, Cyber Essentials Plus, and CREST SOC … candidate will have a strong background in cybersecurity assurance, experience engaging with external auditors and customers, and a proactive approach to maintaining compliance and continuous improvement within a global SOC function. Key Responsibilities Certification Delivery & Maintenance Lead the delivery and ongoing maintenance of SOC-related certifications including SOC2 Type II, SOC 3, ISO/… Plus, and CREST. Manage sector-specific compliance such as PCI DSS and NCSC CIR/CHECK. Ensure timely renewals and proactively address compliance gaps. Security Assurance for SOC Operations Integrate certification and assurance requirements into SOC governance, processes, and operations. Maintain evidence collection and audit readiness for both internal and external audits. Translate assurance and control More ❯
Knutsford, Cheshire, United Kingdom Hybrid / WFH Options
Applause IT Recruitment Ltd
take ownership of day-to-day security operations, implement and refine controls, and play a hands-on role in ensuring compliance with recognised standards such as ISO 27001 and SOC2 Type II. This is a visible and strategic position - ideal for someone who enjoys combining technical depth with governance, audit, and risk management responsibilities. Key Responsibilities Develop … Implement and manage controls across cloud and on-premises environments (Azure/AWS preferred). Lead incident response processes and investigations, coordinating remediation actions. Support compliance programmes - ISO 27001, SOC2 Type II, and data-protection (GDPR). Deliver regular security reporting and KPI tracking for senior leadership. Drive security awareness training and best practice across the wider … team. What You'll Bring 5+ years' experience in information security, risk, or compliance roles. Strong understanding of ISMS principles (ISO 27001) and audit support for SOC2 Type II. Hands-on experience with security tools and controls - SIEM, IAM/PAM, endpoint protection, vulnerability management. Working knowledge of data-protection and privacy standards (GDPR, HIPAA). Excellent More ❯
Portsmouth, yorkshire and the humber, united kingdom Hybrid / WFH Options
Computappoint
Salary: Up to £65,000 Employment Type: Permanent Job Summary: Our client, a leading IT services and consulting firm, is seeking a Cyber Security Assurance Manager to ensure their SOC meets and maintains … top security certifications and assurance standards. As part of the GRC function, you’ll lead customer assurance activities, manage external audits, and oversee key certifications such as ISO 27001, SOC2 Type II, Cyber Essentials Plus, and CREST SOC accreditation. Key Responsibilities: Act as primary contact for customer assurance activities, supporting RFIs, RFPs, and client audit requests Deliver training and … awareness sessions on SOC assurance standards to internal teams Develop customer-facing assurance documentation demonstrating the organisation's security posture Lead the delivery and ongoing maintenance of SOC-related certifications (SOC2 Type II, SOC 3, ISO/IEC 27001, Cyber Essentials Plus, CREST) Embed certification requirements into SOC governance, processes, and operational practices More ❯
Portsmouth, Hampshire, England, United Kingdom Hybrid / WFH Options
Computappoint
Salary: Up to £65,000 Employment Type: Permanent Job Summary: Our client, a leading IT services and consulting firm, is seeking a Cyber Security Assurance Manager to ensure their SOC meets and maintains … top security certifications and assurance standards. As part of the GRC function, you’ll lead customer assurance activities, manage external audits, and oversee key certifications such as ISO 27001, SOC2 Type II, Cyber Essentials Plus, and CREST SOC accreditation. Key Responsibilities: Act as primary contact for customer assurance activities, supporting RFIs, RFPs, and client audit requests Deliver training and … awareness sessions on SOC assurance standards to internal teams Develop customer-facing assurance documentation demonstrating the organisation's security posture Lead the delivery and ongoing maintenance of SOC-related certifications (SOC2 Type II, SOC 3, ISO/IEC 27001, Cyber Essentials Plus, CREST) Embed certification requirements into SOC governance, processes, and operational practices More ❯
Manchester - 5 days per week Job Type: Full-Time, Permanent Salary: £45,000 to £55,000 Key Responsibilities: Lead and support compliance programs with a focus on PCI DSS, SOC 1, and SOC2 requirements Conduct governance, risk, and control assessments across IT and business processes Partner with internal stakeholders and external auditors to ensure audit readiness … standards, and procedures Support third-party vendor risk assessments and contribute to enterprise-wide GRC initiatives What My Client is Looking For: Proven experience working with PCI DSS and SOC 1/SOC2 frameworks in regulated environments Strong background in IT risk, audit coordination, and control testing Excellent stakeholder management skills, with the ability to influence More ❯
warrington, cheshire, north west england, united kingdom
Arcus Search
Manchester - 5 days per week Job Type: Full-Time, Permanent Salary: £45,000 to £55,000 Key Responsibilities: Lead and support compliance programs with a focus on PCI DSS, SOC 1, and SOC2 requirements Conduct governance, risk, and control assessments across IT and business processes Partner with internal stakeholders and external auditors to ensure audit readiness … standards, and procedures Support third-party vendor risk assessments and contribute to enterprise-wide GRC initiatives What My Client is Looking For: Proven experience working with PCI DSS and SOC 1/SOC2 frameworks in regulated environments Strong background in IT risk, audit coordination, and control testing Excellent stakeholder management skills, with the ability to influence More ❯
bolton, greater manchester, north west england, united kingdom
Arcus Search
Manchester - 5 days per week Job Type: Full-Time, Permanent Salary: £45,000 to £55,000 Key Responsibilities: Lead and support compliance programs with a focus on PCI DSS, SOC 1, and SOC2 requirements Conduct governance, risk, and control assessments across IT and business processes Partner with internal stakeholders and external auditors to ensure audit readiness … standards, and procedures Support third-party vendor risk assessments and contribute to enterprise-wide GRC initiatives What My Client is Looking For: Proven experience working with PCI DSS and SOC 1/SOC2 frameworks in regulated environments Strong background in IT risk, audit coordination, and control testing Excellent stakeholder management skills, with the ability to influence More ❯
Leeds, West Yorkshire, England, United Kingdom Hybrid / WFH Options
4Square Recruitment Ltd
external pen-test liaison) and two GRC specialists. What you’ll do Drive and extend ISO 27001 implementation/maintenance (UK certified; expanding to Madrid and Manila). Support SOC2 Type 2 maintenance (already accredited)—expert level not required. Oversee SIEM operations with the tech team: ensure log ingestion/coverage, daily monitoring, and follow-up. … GRC grounding plus solid technical understanding (AWS-heavy environment). Comfortable being hands-on where needed; people management nice-to-have, not essential. ISO 27001 (implementation/assurance) experience; SOC2 exposure helpful. SIEM familiarity and the ability to work with engineers on coverage, tuning, and use-cases. Stakeholder-savvy; calm under pressure; excellent written/verbal More ❯
mitigate threats in real-time, conducting post-incident analysis and documentation. Risk and Compliance Management Conduct regular security assessments and audits to ensure compliance with industry standards (ISO 27001, SOC2, etc.). Develop strategies to address vulnerabilities and mitigate risks. Collaboration and Integration Work closely with IT and development teams to integrate security services into CI/… Security – Specialty or AWS Certified Solutions Architect Checkpoint Certified Security Expert (CCSE) or similar certification Experience with scripting (Python, PowerShell, or Bash) Familiarity with compliance frameworks (ISO 27001, GDPR, SOC2, PCI-DSS) At Cognizant you will experience an exciting mix of innovation by design, creativity, collaboration, and efficiency within a framework of stimulating objectives and a passion More ❯
london (harrow), south east england, united kingdom
Reflection AI
and company builders come from DeepMind, OpenAI, Google Brain, Meta, Character.AI, Anthropic and beyond. What You'll Do Develop and maintain company-wide information security policies and frameworks (US: SOC2, NIST, GDPR; UK: ISO 27001, Cyber Essentials, GDPR) Oversee IT operations across our three offices (London, New York, San Francisco), ensuring systems, devices, and networks remain secure … experience, including leadership in high-growth or tech-driven environments Strong knowledge of network, cloud, and endpoint security (AWS/GCP/Azure) Familiarity with key compliance frameworks (US: SOC2, NIST; UK: ISO 27001, Cyber Essentials) Experience implementing MDM, SSO, and IAM systems Excellent communication skills and the ability to translate technical risk into practical action Certifications More ❯
secure and reliable deployments. Provision, support & maintain required cloud services for development, test and QA. Implement cloud cost optimization strategies. Cybersecurity Ensure compliance with security standards (e.g., ISO 27001, SOC2, GDPR) and internal policies and procedures for cloud and IT environments. Lead incident response, vulnerability management, and threat detection using SIEM tools, MDR and antivirus platforms. Secure … relevant work experience may compensate for lack of formal education. Certifications such as CISSP, CISM, expert level Azure, or similar are a plus. Familiarity with security frameworks (ISO 27001, SOC2, NIST, FedRAMP). Competencies Advanced knowledge of cyber security. Excellent leadership, communication, and cross-functional collaboration and mentoring skills. More ❯
and compliance posture to customers, partners, and auditors. Requirements Security Governance & Compliance Lead the company’s efforts to achieve and maintain ISO 27001 (and other frameworks as needed, e.g., SOC2, EU AI Act readiness). Establish, document, and evolve security and compliance policies, ensuring they meet company needs and regulatory requirements. Drive security and compliance initiatives across … including AI-related risks) and propose mitigation strategies. Qualifications Proven experience in a security engineering, compliance, or security leadership role. Strong understanding of security standards and frameworks (ISO 27001, SOC2, CIS, NIST, GDPR, EU AI Act). Hands-on technical skills in areas such as penetration testing, application security, or infrastructure hardening. Familiarity with modern software development More ❯
the global information security compliance program. Conduct internal audits, third-party risk assessments, and due diligence reviews. Ensure alignment with regulatory and industry standards including ISO27001, NIST, SOX, GDPR, SOC2, HIPAA, CCPA, LGPD. Collaborate with cross-functional teams across multiple jurisdictions to drive compliance initiatives. Identify gaps in security controls and recommend corrective actions. Maintain and update … information security compliance, risk management, and audit. Strong understanding of international regulatory frameworks and standards. Hands-on experience with: ISO27001 audits and implementation GDPR compliance NIST cybersecurity framework SOX, SOC2, HIPAA, CCPA, LGPD Ability to interpret complex regulatory requirements and translate them into actionable controls. Excellent communication and stakeholder engagement skills. Strong analytical and problem-solving capabilities. More ❯
Birmingham, West Midlands, United Kingdom Hybrid / WFH Options
Hays
the global information security compliance program. Conduct internal audits, third-party risk assessments, and due diligence reviews. Ensure alignment with regulatory and industry standards including ISO27001, NIST, SOX, GDPR, SOC2, HIPAA, CCPA, LGPD. Collaborate with cross-functional teams across multiple jurisdictions to drive compliance initiatives. Identify gaps in security controls and recommend corrective actions. Maintain and update … information security compliance, risk management, and audit. Strong understanding of international regulatory frameworks and standards. Hands-on experience with: ISO27001 audits and implementation GDPR compliance NIST cybersecurity framework SOX, SOC2, HIPAA, CCPA, LGPD Ability to interpret complex regulatory requirements and translate them into actionable controls. Excellent communication and stakeholder engagement skills. Strong analytical and problem-solving capabilities. More ❯
comprehensive security protocols to safeguard company data, IP, and systems. Ensure practical and efficient roll out of security compliance with relevant industry standards and regulations (e.g., ISO, GDPR, HIPAA, SOC2). Data Management: Develop a reliable and secure data infrastructure to support large scale AI model training and deployment. Establish policies and tools for effective data storage … principles. Security & Compliance Mastery: Demonstrable experience building a corporate security program from the ground up. You have successfully led an organization through at least one major compliance audit (e.g., SOC2, ISO 27001). A relevant certification (e.g., CISSP, CISM) is a strong plus. Automation Mindset: You have a proven ability to automate IT operations, from employee onboarding More ❯
regulatory compliance across the business. The Role: Own and evolve the company-wide security strategy across infrastructure, application, and corporate environments Lead our global compliance programs (e.g., ISO 27001, SOC2) ensuring we meet regulatory and customer trust requirements. Build and maintain relationships with auditors, ensuring smooth audit processes Address AI-specific compliance requirements around data usage, model … Manager) Deep understanding of infrastructure security, application security, and cloud security Experience performing security operations or investigations involving large scale Kubernetes environments Track record of successfully managing compliance certifications (SOC2, ISO 27001, etc.) Exceptional communication and collaboration skills An ability to lead projects with little guidance Experience contributing to a high growth startup environment Experience securing cloud More ❯
them to specific business outcomes on their timelines. Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Provide insightful technical answers and recommend the most efficient way for customers to … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous-not just a More ❯
and expansion opportunities within your book of business Become a product expert on Vanta and how our platform can be used to improve security posture through our compliance offerings (SOC2, ISO 27001, GDPR, HIPAA, USDP and Custom Frameworks), Trust Reports, and Risk Management solution. Guide implementation, configuration, and optimization of Vanta Trust Management Platform Provide professional advice … by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. Now more than ever, making security continuous-not just a More ❯
provide actionable feedback to internal teams to enhance documentation and control readiness. Perform security due diligence and ongoing monitoring of Web3/blockchain vendors, including assessing control maturity, reviewing SOC reports, and identifying residual risks. Facilitate external audit activities, coordinating walkthroughs, evidence collection, and response tracking. Identify and analyze gaps in current and new processes, developing and tracking remediation … Hardware Security Modules (HSMs), and Key Management Systems (KMS). Solid understanding of cloud and network security architecture and configurations. Demonstrated experience supporting external audits and assessments, such as SOC 1, SOC2, ISO 27001, or PCI DSS. Hands-on experience with major cloud platforms (AWS, GCP, Azure) and infrastructure-as-code practices. Proficiency in preparing client More ❯
london (city of london), south east england, united kingdom
MCG Talent
provide actionable feedback to internal teams to enhance documentation and control readiness. Perform security due diligence and ongoing monitoring of Web3/blockchain vendors, including assessing control maturity, reviewing SOC reports, and identifying residual risks. Facilitate external audit activities, coordinating walkthroughs, evidence collection, and response tracking. Identify and analyze gaps in current and new processes, developing and tracking remediation … Hardware Security Modules (HSMs), and Key Management Systems (KMS). Solid understanding of cloud and network security architecture and configurations. Demonstrated experience supporting external audits and assessments, such as SOC 1, SOC2, ISO 27001, or PCI DSS. Hands-on experience with major cloud platforms (AWS, GCP, Azure) and infrastructure-as-code practices. Proficiency in preparing client More ❯