151 to 175 of 179 SOC 2 Jobs in the UK

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform £70–80k base + 10% bonus Hybrid in London Training budget for certifications + conference attendance Strong emphasis on professional autonomy and ethical leadership A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of … U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team. This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability. What … you’ll bring: 5+ years in InfoSec, IT Security or Ops within a regulated environment Certification required: CISSP, CISM, CRISC, or equivalent Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA Confident with security risk assessments, audit responses, and policy governance Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model Comfort More ❯

building resilient cloud infrastructure? Join our growing team as a Senior Cyber Security Engineer , and help us protect critical platforms while enabling innovation at scale. ?? Location: Berkshire, UK (Hybrid 2-3 days onsite) About the Role As a Senior Cyber Security Engineer, youll be a key member of our security team, responsible for designing, implementing, and maintaining robust security … into CI/CD pipelines Monitor and respond to security incidents, coordinating investigation and remediation efforts Drive security automation and infrastructure-as-code initiatives Support compliance efforts (ISO 27001, SOC2, etc.) through technical controls and documentation What Were Looking For Proven experience as a security engineer with a strong background in cloud security (AWS, Azure, or GCP) Solid understanding of More ❯

pipelines. Working experience of the above concepts in the context of at least one major public cloud provider (AWS, GCP, or Azure). Understanding of global security standards (like SOC2 or ISO 27001) and regulatory requirements and experience in maintaining compliance with these. A desire to teach others and share knowledge. We want you to coach other team members on … Infrastructure penetration testing (OWASP top 10, OWASP ASVS). Understanding of security vulnerabilities and remediation options in codebases & containers. Working knowledge of methods for authentication and authorization (ODIC, OAuth 2, FIDO 2, etc) Don't worry if you don't meet all the criteria - your unique skills and experiences are valued, and we encourage you to apply! What More ❯

detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). Conduct regular security risk assessments, penetration tests, and vulnerability management across cloud services. Oversee endpoint security, cloud network and API security for robust protection across all assets Define … Exchange, SharePoint, Teams), Azure cloud infrastructure, and security tools such as Microsoft Defender and Sentinel. Security & Compliance: Deep knowledge of security frameworks (ISO 27001, NIST, CIS), compliance requirements (GDPR, SOC2), and risk management best practices. Identity & Access Management (IAM): Expertise in Azure AD, MFA, Conditional Access, Single Sign-On (SSO), and Privileged Access Management (PAM). Threat Management & Incident Response More ❯

detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). Conduct regular security risk assessments, penetration tests, and vulnerability management across cloud services. Oversee endpoint security, cloud network and API security for robust protection across all assets Define … Exchange, SharePoint, Teams), Azure cloud infrastructure, and security tools such as Microsoft Defender and Sentinel. Security & Compliance: Deep knowledge of security frameworks (ISO 27001, NIST, CIS), compliance requirements (GDPR, SOC2), and risk management best practices. Identity & Access Management (IAM): Expertise in Azure AD, MFA, Conditional Access, Single Sign-On (SSO), and Privileged Access Management (PAM). Threat Management & Incident Response More ❯

detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). Conduct regular security risk assessments, penetration tests, and vulnerability management across cloud services. Oversee endpoint security, cloud network and API security for robust protection across all assets Define … Exchange, SharePoint, Teams), Azure cloud infrastructure, and security tools such as Microsoft Defender and Sentinel. Security & Compliance: Deep knowledge of security frameworks (ISO 27001, NIST, CIS), compliance requirements (GDPR, SOC2), and risk management best practices. Identity & Access Management (IAM): Expertise in Azure AD, MFA, Conditional Access, Single Sign-On (SSO), and Privileged Access Management (PAM). Threat Management & Incident Response More ❯

The Business Intelligence Developer will be responsible for working with fund accounting professionals and technology organizations to build, maintain, and complete customized reporting statements. The position requires at least 2 years of experience using QlikView version 11 or higher, with proven expertise in the following areas: Good knowledge of SQL, relational databases, and Dimensional Modeling Experience working with large … experience across various fund types. Key facts include: Over $1 Trillion assets under administration Servicing nearly all significant investors in the asset class Institutional-grade infrastructure with SSAE 18 (SOC-1, Type 2) certification Industry-leading experienced team More ❯

vendor relationships, ensuring long-term value creation. Champion vendor compliance through regular audits and assessments, ensuring adherence to internal policies, external regulations, and industry standards. Review and evaluate the SOC 1 Type 2 reports to ensure robust change control processes are in place, verifying vendor compliance with contractual and operational requirements. Stay at the forefront of industry developments … Gatekeeper preferred), contract management (including systems), and performance monitoring software. Certifications in Vendor Management (e.g., CPO, CPSM and CIPS) are a plus. Knowledge and experience in maintaining and reviewing SOC 1 Type 2 Reports, along with other certifications and disaster recovery (DR) outputs. Knowledge of fintech regulatory environments and compliance frameworks (e.g., PSD2, GDPR, PCI-DSS) preferred. Working More ❯

to align security operations objectives with business needs, ensuring proactive risk management. Continuously assess and implement security automation to enhance efficiency and reduce operational overhead. Support compliance initiatives (PCI, SOC2, ISO) by ensuring audit readiness and security visibility across critical systems. About You: Extensive experience leading security operations functions, including incident response, threat detection, and security monitoring at scale. Strong … collaborating with security, engineering, and business teams to drive operational improvements. Bonus If You: Have experience leading security operations in a high-growth, cloud-native environment. Have worked with SOC providers, managed security services, or security automation platforms. Have built and scaled incident response and threat detection programs. Have experience improving security observability across distributed infrastructures. Competitive compensation package … following states?Alabama, Alaska, Delaware, Kansas, Maine, Mississippi, Montana, Nebraska, New Mexico, North Dakota, South Dakota, West Virginia, or Wyoming. Yes No This role requires a hybrid schedule with 2 days per week in the SF office. Are you committed to this hybrid schedule? Please double-check all the information provided above. Ensuring accuracy is crucial, as any errors More ❯

AI Back End Engineer** (Contract) Duration: 6 Months (Possibility for extension) Location: London/Hybrid (2 - 3 days on site) Rate: A highly competitive Umbrella Day Rate is available for suitable candidates Role Profile Are you ready to shape the future of AI in financial services? We are looking for a talented AI Back-End Engineer to join our … EU AI Act, FCA cybersecurity principles, and oversight of critical systems. Previous collaboration with cybersecurity and compliance teams in regulated environments. Knowledge of controls under ISO 27001, NIST, or SOC2 frameworks. Candidates will need to show evidence of the above in their CV in order to be considered. If you feel you have the skills and experience and want to More ❯

AI Back End Engineer** (Contract) Duration: 6 Months (Possibility for extension) Location: London/Hybrid (2 - 3 days on site) Rate: A highly competitive Umbrella Day Rate is available for suitable candidates Role Profile Are you ready to shape the future of AI in financial services? We are looking for a talented AI Back-End Engineer to join our … EU AI Act, FCA cybersecurity principles, and oversight of critical systems. Previous collaboration with cybersecurity and compliance teams in regulated environments. Knowledge of controls under ISO 27001, NIST, or SOC2 frameworks. Candidates will need to show evidence of the above in their CV in order to be considered. If you feel you have the skills and experience and want to More ❯

of TOGAF and Zachman methodologies Knowledge of Infrastructure as Code tools (e.g. Terraform, ARM/Bicep, etc.) Knowledge of cloud security best practices and compliance standards (e.g. ISO 27001, SOC2, GDPR) Experience with containerisation and orchestration technologies (e.g. Docker, OpenShift, Kubernetes) Knowledge of ECB/DORA standards applicable to financial institutions. Daily Rate: 1150 per day inside IR35 via an … umbrella company Tenure: Up to 30/05/2026, extendable Hybrid: 3 days a week onsite in City of London; 2 days remote More ❯

of TOGAF and Zachman methodologies Knowledge of Infrastructure as Code tools (e.g. Terraform, ARM/Bicep, etc.) Knowledge of cloud security best practices and compliance standards (e.g. ISO 27001, SOC2, GDPR) Experience with containerisation and orchestration technologies (e.g. Docker, OpenShift, Kubernetes) Knowledge of ECB/DORA standards applicable to financial institutions. Daily Rate: £1150 per day inside IR35 via an … umbrella company Tenure: Up to 30/05/2026, extendable Hybrid: 3 days a week onsite in City of London; 2 days remote Keywords: Enterprise Architect, Azure, TOGAF, DORA, ECB, Zachman, cloud, Google Cloud platform, GCP, IaaS, PaaS, SaaS More ❯

enforce comprehensive cloud security policies, standards, and procedures that govern cloud infrastructure, services, and containerised workloads. Work collaboratively to integrate security compliance frameworks such as CIS Benchmarks, NIST, and SOC2, ensuring policies are consistently applied across the organization. Cloud Migration & Native Infrastructure Support: Provide guidance and hands on support to teams migrating workloads and applications to cloud-native systems, ensuring … Experience in advocating for security automation and DevSecOps practices to streamline security governance. More information: Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase plans, an EV Scheme to further reduce carbon emissions, extra festive time off, and excellent family-friendly benefits. We prioritise career growth with clear career More ❯

DORA, BAIT, GDPR and local frameworks Collaborate with Information Security and Technology Risk and Controls teams to identify and manage risks, evolve controls, ensure compliance with applicable frameworks (SOX, SOC2 and ISO27001) and meet business objectives Own the roadmap by defining success metrics, adoption targets and delivery milestones; monitor progress using both qualitative insights and quantitative KPIs Identify cross-functional … outsourced security providers and tracking SLAs/KPIs to ensure delivery Deep familiarity with EMEA frameworks (MiCA, DORA, BAIT, GDPR) and experience implementing cyber/security frameworks (NIST CSF, SOC2, ISO27001) Strong ability to design straightforward processes that flex to solve novel challenges and evolving regulations Excellent at distilling complex security risks into clear, concise updates for both technical teams More ❯

IT security role within a regulated or financial firm Security certifications: SSCP, Security+, or equivalent Strong GRC foundation: Able to interpret risk frameworks and speak the language of ISO, SOC2, NIST, etc. Comfortable with security tooling and metrics-driven reporting Confident communicator: Translate acronyms into action, and engage stakeholders with clarity and purpose Ethical mindset: understand when to escalate, when … to challenge, and how to own your area What you’ll be doing: ISO27001 & SOC2 governance: day-to-day support of the ISMS, remediation tracking, risk reviews Third-party risk assessments: conduct supplier security reviews aligned to appetite and regulatory frameworks Security awareness training: drive phishing simulations and curate internal content via Proofpoint BAU InfoSec operations: ticket triage, KPI reporting More ❯

security alerts across multiple channels, including managed SOC escalations. Maintain visibility and logging infrastructure, ensuring effective SIEM (Security Information and Event Management) operations. Support security audits for PCI, SOC2, ISO, and other compliance frameworks, gathering evidence and collaborating with Engineering, GRC and the broader Security Division. Proactively enhance security operations by developing and deploying new detections, security tooling and … scripting language (Python, Bash) and one compiled language (Rust, Go). Familiarity with serverless functions and API security is a plus. Bonus If You: Have experience working with managed SOC providers and security automation platforms. Have worked in high-growth, cloud-native environments with a focus on scalability. Are comfortable working in a fast-paced environment with shifting priorities. More ❯

and cloud architecture. Demonstrated experience mentoring and developing technical teams with/without formal people management responsibilities. Strong knowledge of data privacy, compliance frameworks, and regulatory landscapes (GDPR, ISO27001, SOC2). Exceptional communication skills, able to influence technical and non-technical stakeholders including C-Level executives. Experience authoring SOWs, RFIs/RFPs, and engaging in complex contract negotiations from a … power learning experiences for over 3000 customers around the world with our easy-to-use, AI-powered Suite designed to close the enterprise learning loop. We have successfully achieved 2 IPOs ( TSX: DCBO & NASDAQ: DCBO ), been recognized as a Top SaaS e-learning Solution, and are growing exponentially in the process. Docebo is a global company with offices in More ❯

latest AI/ML research and industry developments. Additionally, you will have a solid understanding of non-functional requirements and governance models for cloud-based AI systems, such as SOC2 and ISO 42001. Your ability to efficiently handle the demands of a dynamic, fast-paced research and development environment will be key to your success. In return, you will be … Strong experience with AWS services, particularly ECS, EC2, Lambda, and AWS Identity and Access Management (IAM). Governance Understanding: Understanding of governance for cloud-based and AI solutions (e.g., SOC2, ISO 42001, EU AI Act). ML Frameworks: Experience with ML frameworks for data preparation and training at a large scale. Learn More About Autodesk Welcome to Autodesk! Amazing things More ❯

latest AI/ML research and industry developments. Additionally, you will have a solid understanding of non-functional requirements and governance models for cloud-based AI systems, such as SOC2 and ISO 42001. Your ability to efficiently handle the demands of a dynamic, fast-paced research and development environment will be key to your success. In return, you will be … Strong experience with AWS services, particularly ECS, EC2, Lambda, and AWS Identity and Access Management (IAM). Governance Understanding: Understanding of governance for cloud-based and AI solutions (e.g., SOC2, ISO 42001, EU AI Act). ML Frameworks: Experience with ML frameworks for data preparation and training at a large scale. Learn More About Autodesk Welcome to Autodesk! Amazing things More ❯

latest AI/ML research and industry developments. Additionally, you will have a solid understanding of non-functional requirements and governance models for cloud-based AI systems, such as SOC2 and ISO 42001. Your ability to efficiently handle the demands of a dynamic, fast-paced research and development environment will be key to your success. In return, you will be … Strong experience with AWS services, particularly ECS, EC2, Lambda, and AWS Identity and Access Management (IAM). Governance Understanding: Understanding of governance for cloud-based and AI solutions (e.g., SOC2, ISO 42001, EU AI Act). ML Frameworks: Experience with ML frameworks for data preparation and training at a large scale. Learn More About Autodesk Welcome to Autodesk! Amazing things More ❯

Security Compliance Manager - Payments, PCI DSS, SOC2 - £100,000 A rapidly growing payments technology company that has established itself as a major player in the UK market, is seeking a Security Compliance Manager to drive their critical compliance initiatives and strengthen their security posture as they continue their expansion across multiple markets. This is a great opportunity for an experienced … with Qualified Security Assessors (QSAs) and managing relationships with external compliance stakeholders. Conducting regular internal assessments, gap analyses, and controls testing to ensure ongoing adherence to regulatory requirements including SOC2 and GDPR. Developing and maintaining comprehensive compliance documentation, policies, and procedures across multiple regulatory frameworks. Managing remediation efforts for identified compliance gaps and tracking progress against established timelines. Preparing executive … deep expertise in PCI DSS and successful certification achievements. Comprehensive knowledge of PCI standards including PCI PIN, PCI P2PE, PCI MPoC, and PCI SSF frameworks. Hands-on experience with SOC2 compliance initiatives and control testing methodologies. Strong analytical and project management capabilities with the ability to manage multiple compliance workstreams simultaneously. Relevant certifications such as CISSP, CISA, ISA, QSA, or More ❯

eligible for annual bonus and company share schemes, depending on performance and seniority Enjoy 25 days of holiday, increasing to 30 days over time Work in a Hybrid Model - 2 days per week in the office THE POSITION The organization has ambitious growth plans, delivering 20% annual growth and expanding across the UK, Europe, and North America. Reporting to … grievances, including coaching and case management from start to finish Maintaining HR procedures, templates, KPIs, and HR systems and records, ensuring accuracy and compliance Supporting audit processes and maintaining SOC2 certification by aligning processes with standards Managing HR data for accuracy, security, and completeness Preparing HR reports, analytics, and insights regularly and on demand, supporting HR projects with data and More ❯

the design, management, compliance, and administration of our People technology ecosystem, including our core HRIS platforms, data analytics and insights, and automation initiatives. This is a hybrid role with 2-3 days per week in our Edinburgh hub. What You'll Do Data Storytelling & Strategic Insights Dive deep into People data from various sources to identify key trends, risks … into a story. You have a proven ability to create highly polished, compelling, and professional slide decks that clearly communicate complex information to an executive audience. Analytical & Technical Acumen: 2-3+ years of experience in a role focused on HR/People technology and/or analytics. You have a knack for looking at a dataset and seeing … documentation for frameworks such as SOX, ISO Standards, and/or SOC2. Purple Perks What do we offer you? Medical, dental and vision coverage Generous PTO and observed holidays 2 Paid VoluNteer Days per year Employee Stock Purchase Program FuN-raising opportunities as part of our giving program N-ablite Learning - custom learning experience as part of our investment More ❯

the needs of internal teams (our Prolificos) What you'll be doing in the role Manage and optimise our Kubernetes clusters in GKE through Terraform Support our compliance with SOC2, ISO-27001, and Cyber Essentials standards in our cloud environments Design and implement golden paths and automation strategies that empower developers to self-serve while reducing operational complexity Create and … other Prolificos Even better if you have We're a multi-cloud team - experience with AWS and CDK is a big plus. Experience implementing/maintaining cloud compliance standards (SOC2, ISO-27001) Familiarity with observability tools like Datadog Background in implementing security best practices in cloud infrastructure Why Prolific is a great place to work We've built a unique More ❯