Founding Security & Compliance Engineer

Company: rmg digital
Apply for the Founding Security & Compliance Engineer
Location: London
Job Description:

Location: London (hybrid, flexible on office days)

Type: Permanent, full-time

About the role

  • A fast-growing cybersecurity startup is making its first dedicated security and compliance hire.
  • The company sells into large enterprises, where certifications come up in every sales conversation.
  • ISO 27001, SOC 2 and a strong security posture have become a condition of doing business.
  • No one owns this internally yet, and it’s starting to hold deals up.
  • This role takes ownership of it. You’ll build the security and compliance function from scratch: set up the tooling, write the policies, and take the company through certification to audit. As a cyber company, internal security has to be genuinely strong here, not signed off on paper, so the work matters beyond the badge.
  • It’s a hands-on, individual contributor role for someone with the judgment to think a step ahead.
  • For the right person, there’s a clear path to CISO as the company grows.

Key responsibilities

  • Set up and configure the compliance platform (likely Drata or Vanta) from the ground up.
  • Lead the company through SOC 2 Type 1, SOC 2 Type 2, and ISO 27001, end-to-end and through audit.
  • Write and embed the security policies, controls, and processes that don’t yet exist.
  • Strengthen the internal security posture and close gaps as you find them.
  • Build security controls into the infrastructure, sequenced around a planned migration from GCP to AWS.
  • Shape where the company’s security and compliance go next.

What we’re looking for

  • Hands‑on experience running SOC 2 and ISO 27001 yourself, end-to-end and through audit. We need someone who has owned a certification, not been one of a large team that delivered one.
  • Proven set‑up of a compliance platform, such as Drata or Vanta, from scratch.
  • A security engineering background, with enough IT exposure to work across both.
  • Comfortable writing policy and building process in an early‑stage environment where neither exists yet.
  • Ideally, experience doing this in a smaller team where you did the hands‑on work yourself.
  • Backgrounds in fintech, cybersecurity, or other regulated industries will translate best.

What’s on offer

  • Meaningful equity from an early stage.
  • Wellness budget.
  • Hybrid working with genuine flexibility on office days. You’ll need to come in occasionally, so a London or commutable base works best.
  • A small, close‑kitted team and the chance to own an important function from day one, with a path to CISO.

How to apply

If you’ve taken a company through certification before and want to do it again as the first dedicated security hire, apply with your CV or get in touch for a confidential chat.

#J-18808-Ljbffr…

Posted: June 23rd, 2026