Location: London (hybrid, flexible on office days)
Type: Permanent, full-time
About the role
- A fast-growing cybersecurity startup is making its first dedicated security and compliance hire.
- The company sells into large enterprises, where certifications come up in every sales conversation.
- ISO 27001, SOC 2 and a strong security posture have become a condition of doing business.
- No one owns this internally yet, and it’s starting to hold deals up.
- This role takes ownership of it. You’ll build the security and compliance function from scratch: set up the tooling, write the policies, and take the company through certification to audit. As a cyber company, internal security has to be genuinely strong here, not signed off on paper, so the work matters beyond the badge.
- It’s a hands-on, individual contributor role for someone with the judgment to think a step ahead.
- For the right person, there’s a clear path to CISO as the company grows.
Key responsibilities
- Set up and configure the compliance platform (likely Drata or Vanta) from the ground up.
- Lead the company through SOC 2 Type 1, SOC 2 Type 2, and ISO 27001, end-to-end and through audit.
- Write and embed the security policies, controls, and processes that don’t yet exist.
- Strengthen the internal security posture and close gaps as you find them.
- Build security controls into the infrastructure, sequenced around a planned migration from GCP to AWS.
- Shape where the company’s security and compliance go next.
What we’re looking for
- Hands‑on experience running SOC 2 and ISO 27001 yourself, end-to-end and through audit. We need someone who has owned a certification, not been one of a large team that delivered one.
- Proven set‑up of a compliance platform, such as Drata or Vanta, from scratch.
- A security engineering background, with enough IT exposure to work across both.
- Comfortable writing policy and building process in an early‑stage environment where neither exists yet.
- Ideally, experience doing this in a smaller team where you did the hands‑on work yourself.
- Backgrounds in fintech, cybersecurity, or other regulated industries will translate best.
What’s on offer
- Meaningful equity from an early stage.
- Wellness budget.
- Hybrid working with genuine flexibility on office days. You’ll need to come in occasionally, so a London or commutable base works best.
- A small, close‑kitted team and the chance to own an important function from day one, with a path to CISO.
How to apply
If you’ve taken a company through certification before and want to do it again as the first dedicated security hire, apply with your CV or get in touch for a confidential chat.
#J-18808-Ljbffr…
