GRC Specialist
Remote, UK
£70,000 - £80,000
Please Note
To be considered for this role, applicants must:
* Hold a relevant university degree in Cyber Security, Information Security, Computer Science, Information Systems, Technology, Risk Management or a related field
* Have experience working within a SaaS software company
* Have experience operating within Microsoft 365, Azure and Entra ID environments
* Have hands-on experience with compliance automation platforms such as Vanta, Drata, Secureframe, Sprinto or similar
About the Company
We’re partnering with a rapidly growing B2B SaaS company whose platform is deeply integrated with Microsoft 365 and Microsoft Teams. The business works with enterprise and mid-market organisations globally, including customers operating in highly regulated sectors.
As customer requirements continue to evolve, security, compliance and trust have become increasingly important drivers of both customer acquisition and retention. The company has invested heavily in building a mature security and compliance function and already maintains certifications including SOC 2 Type 2 and ISO 27001.
Given the nature of the product and customer environment, Microsoft technologies sit at the core of the business, making experience within Microsoft 365, Azure and Entra ID environments particularly important for this position.
With continued international growth and increasing enterprise adoption, they are now looking to strengthen their Governance, Risk & Compliance capability through the addition of a GRC Specialist.
The Role
This is a hands-on Governance, Risk & Compliance role operating at the intersection of compliance, security and customer trust.
You'll be responsible for the day-to-day operation of the company's compliance programmes, helping maintain certifications, support customer security requirements and ensure compliance processes continue to scale alongside the business.
Working closely with leadership, engineering, legal and external auditors, you'll play an important role in maintaining the company's security and compliance posture while helping support enterprise customer relationships and commercial growth.
Given the company's Microsoft-centric technology environment, you'll regularly work alongside teams responsible for Microsoft 365, Azure and Entra ID, helping ensure compliance controls, governance processes and security requirements align with both internal standards and customer expectations.
The role combines framework management, audit coordination, customer-facing security engagement and ongoing compliance operations within a fast-growing SaaS environment.
Responsibilities
* Operate and maintain ongoing SOC 2 Type 2 and ISO 27001 compliance programmes
* Coordinate audit cycles and work closely with external auditors
* Manage evidence collection, remediation tracking and control monitoring
* Operate and maintain compliance tooling such as Vanta
* Support enterprise sales processes through security questionnaires and customer due diligence
* Participate in customer security and compliance review calls
* Review and support DPAs, NDAs and security-related contractual terms
* Maintain and evolve the company’s Trust Center and public-facing compliance documentation
* Work closely with engineering, product and leadership teams on security and compliance initiatives across Microsoft 365, Azure and Entra ID environments
* Support future framework expansion across additional compliance standards
* Support enterprise customer procurement and vendor risk assessment processes
* Own customer-facing trust and compliance documentation
What We're Looking For
* Relevant university degree in Cyber Security, Information Security, Computer Science, Information Systems, Technology, Risk Management or a related field
* Experience working within a B2B SaaS or cloud software environment
* Experience supporting and operating SOC 2 Type 2 and ISO 27001 programmes
* Hands-on experience with compliance automation platforms such as Vanta, Drata, Secureframe, Sprinto or similar
* Experience operating within Microsoft 365, Azure and Entra ID environments
* Understanding of Microsoft identity, access management and security controls
* Experience supporting enterprise sales teams through security questionnaires, customer audits and due diligence exercises
* Strong understanding of cloud infrastructure, identity management and modern SaaS environments
* Practical knowledge of GDPR and privacy requirements
* Strong organisational skills with the ability to manage multiple compliance workstreams simultaneously
* Excellent communication skills and the ability to engage confidently with both technical and non-technical stakeholders
* Comfortable working independently within a scaling business environment
Nice to Have
* Experience supporting Microsoft-focused SaaS products or platforms
* Experience with ISO 42001 (AI Governance)
* Experience supporting FedRAMP, NIST, HIPAA or TISAX initiatives
* Certifications such as CISA, CISM, CRISC, CIPP/E or ISO 27001 Lead Auditor
* Experience working within scale-up or high-growth technology businesses