GRC Specialist
Remote, UK
£70,000 - £80,000
Must have experience
* Experience using Vanta, Drata, Secureframe or similar compliance platforms
* Good understanding of cloud and identity environments including Microsoft 365, Azure and Entra ID
* Experience within Microsoft-focused SaaS environments
About the Company
We’re partnering with a fast-growing B2B SaaS company building enterprise software deeply integrated into Microsoft 365 and Teams environments. Their platform is used by enterprise and mid-market organisations across multiple geographies, including customers operating in highly regulated industries.
Security, compliance and trust are central to the company’s growth strategy and customer relationships. As the business continues to scale across enterprise markets, they’re investing further into their governance, risk and compliance capability to support both customer acquisition and long-term retention.
The business already maintains key certifications including SOC 2 Type 2 and ISO 27001 and operates with a modern, automation-led compliance approach.
The Role
This is a hands-on GRC role operating at the intersection of compliance, security and commercial operations.
You’ll take ownership of the day-to-day running of the company’s governance, risk and compliance programs, working closely with leadership, external auditors, legal counsel and technical teams.
The role will involve a mix of audit coordination, policy management, customer-facing security work and ongoing operational compliance management.
You’ll play a key role in supporting enterprise customer trust, helping navigate complex security reviews and ensuring the organisation maintains a strong compliance posture as customer and market requirements evolve.
Responsibilities
* Own and operate ongoing SOC 2 Type 2 and ISO 27001 compliance programs
* Coordinate audit cycles and work closely with external auditors
* Manage evidence collection, remediation tracking and control monitoring
* Operate and maintain compliance tooling such as Vanta
* Support enterprise sales processes through security questionnaires and customer duediligence
* Participate in customer security and compliance review calls
* Review and support DPAs, NDAs and security-related contractual terms
* Maintain and evolve the company’s Trust Center and public-facing compliance documentation
* Work closely with engineering, product and leadership teams on security and compliance initiatives
* Help shape future framework expansion across additional compliance standards
What We’re Looking For
* Strong experience operating GRC programs within SaaS or technology businesses
* Hands-on knowledge of SOC 2 Type 2 and ISO 27001
* Experience using Vanta, Drata, Secureframe or similar compliance platforms
* Good understanding of cloud and identity environments including Microsoft 365, Azure and Entra ID
* Practical GDPR knowledge including DPAs, DPIAs and sub-processor management
* Experience responding to enterprise security questionnaires and customer audits
* Ability to balance strong compliance standards with commercial pragmatism
* Strong communication skills with the ability to engage both technical and non-technical stakeholders
* Comfortable operating autonomously within a scaling business environment
Nice to have
* Experience with additional compliance frameworks such as ISO 42001, HIP
* AA or TISAX
* Background supporting regulated industries including financial services or
* healthcare
* Certifications such as CISA, CISM, CRISC, CIPP/E or ISO 27001 Lead Auditor