Security & Compliance Lead

London - UK

Monthly Salary: Not Disclosed

Posted on: 5 hours ago

Vacancies: 1 Vacancy

Job Summary

Security & Compliance Lead

The Role

Security and compliance at Prolific arent afterthoughts theyre foundational to how we operate. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale we take our responsibility to protect that trust seriously. We maintain certifications like ISO 27001 and SOC 2 and were looking for someone to own and evolve our security and compliance posture as we grow.

As Security & Compliance Lead youll be the go-to authority on information security across the organisation. Youll own our compliance program lead security operations and work hands-on with engineering and platform teams to ensure security is embedded in how we build and operate not bolted on after the fact. This means getting into the weeds of our cloud infrastructure shaping how security fits into the SDLC and driving a DevSecOps mindset across engineering.

Youll report to the Head of Engineering/Platform and work cross-functionally with legal techops engineering platform and data teams. As we scale theres a clear path for this role to grow into managing a small security function.

This is a hands-on senior role. You wont just be writing policies youll be monitoring threats responding to incidents driving audits reviewing cloud security posture and shaping how Prolific approaches security as we scale across the world.

What youll be doing

Security Operations & Cloud Security

Monitor for security threats vulnerabilities and incidents across our infrastructure applications and tooling.
Create respond to and investigate security alerts using SIEM tooling (e.g. Datadog) triaging and escalating as appropriate.
Own and improve our endpoint security vulnerability scanning (e.g. Snyk) and cloud security posture management across GCP and AWS.
Design and implement security architectures across our cloud infrastructure working hands-on with Kubernetes Terraform/IaC and cloud-native services.
Lead incident response minimising impact ensuring rapid recovery and coordinating post-incident analysis and reporting.
Coordinate penetration testing and manage remediation of findings.

Compliance & Governance

Take responsibility for all technical aspects of our compliance program ensuring we maintain ISO 27001 SOC 2 and Cyber Essentials certifications.
Lead the preparation and coordination of external audits ensuring documentation and evidence are always audit-ready.
Create manage and maintain security and compliance frameworks including policies procedures and guidelines.
Partner with legal and our DPO on GDPR and data privacy requirements ensuring our security practices support our data protection obligations.
Align security strategy with business objectives managing risks while enabling growth.
Assist data teams with governance requirements.

DevSecOps & Engineering Partnership

Be the authority on information security within the engineering organisation ensuring security is embedded throughout the SDLC.
Work cross-functionally with engineering and platform teams to integrate security into CI/CD pipelines code review and infrastructure-as-code workflows.
Contribute to platform and infrastructure security architecture decisions providing guidance on secure design patterns and cloud security best practices.
Promote security awareness across the business including secure development practices cloud platform security and general security hygiene.

Threat Intelligence

Identify and assess emerging threats and vulnerabilities recommending actionable mitigations to reduce risk exposure.
Monitor and report on trends in the cyber threat landscape providing insights to inform organisational security decisions.
Share threat intelligence and mitigation strategies with relevant teams to enhance awareness and preparedness.

What youll bring

5 years of experience in security operations cloud security or a combined security and compliance role with a track record of owning and delivering security outcomes independently.
Strong hands-on experience with cloud security in GCP and/or AWS including working with Kubernetes Terraform/IaC and cloud-native security tooling.
Deep understanding of compliance frameworks such as ISO 27001 and SOC 2 with experience owning or significantly contributing to audit preparation and certification maintenance.
Experience with security tooling across SIEM vulnerability scanning endpoint security and cloud security posture management.
A solid understanding of DevSecOps principles and experience embedding security into the software development lifecycle.
Working knowledge of GDPR and data privacy requirements and experience partnering with legal or DPO functions.
Strong communication skills you can translate security risks into business language influence engineering teams and write documentation thats clear and actionable.
The ability to work independently manage competing priorities and exercise good judgement about where to focus your time.
A proactive mindset you spot risks early propose solutions and take ownership without being asked.

Even better if you have

Experience coordinating penetration testing programmes and managing remediation.
Familiarity with infrastructure-as-code security scanning and policy-as-code approaches.
Experience with incident response programme design or tabletop exercises.
Exposure to customer security questionnaires vendor due diligence or third-party risk assessments.
Experience working in a scaling company where youve helped build security processes and culture from the ground up.
A relevant security certification such as CISSP CISM or cloud-specific security certifications (e.g. GCP Professional Cloud Security Engineer).
Experience mentoring or growing into a people management role.
Why Prolific is a great place to work
Weve built a unique platform that connects researchers and companies with a global pool of participants enabling the collection of high-quality ethically sourced human behavioral data and feedback. This data is the cornerstone of developing more accurate nuanced and aligned AI systems.
We believe that the next leap in AI capabilities wont come solely from scaling existing models but from integrating diverse human perspectives and behaviors into AI development. By providing this crucial human data infrastructure Prolific is positioning itself at the forefront of the next wave of AI innovation one that reflects the breath and the best of humanity.
Working for us will place you at the forefront of AI innovation providing access to our unique human data platform and opportunities for groundbreaking research. Join us to enjoy a competitive salary benefits and remote working within our impactful mission-driven culture.
Links to more information on Prolific
Benefits
External Handbook
Website
Youtube
Privacy Statement
By submitting your application you agree that Prolific may collect your personal data for recruiting and global organisation planning. ProlificsCandidate Privacy Noticeexplains what personal information Prolific may process where Prolific may process your personal information its purposes for processing your personal information and the rights you can exercise over Prolific use of your personal information.

Security & Compliance LeadThe RoleSecurity and compliance at Prolific arent afterthoughts theyre foundational to how we operate. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale we take our responsibility to protect that trust seriously. We m...

Security & Compliance Lead

The Role

What youll be doing

Security Operations & Cloud Security

Monitor for security threats vulnerabilities and incidents across our infrastructure applications and tooling.
Create respond to and investigate security alerts using SIEM tooling (e.g. Datadog) triaging and escalating as appropriate.
Own and improve our endpoint security vulnerability scanning (e.g. Snyk) and cloud security posture management across GCP and AWS.
Design and implement security architectures across our cloud infrastructure working hands-on with Kubernetes Terraform/IaC and cloud-native services.
Lead incident response minimising impact ensuring rapid recovery and coordinating post-incident analysis and reporting.
Coordinate penetration testing and manage remediation of findings.

Compliance & Governance

Take responsibility for all technical aspects of our compliance program ensuring we maintain ISO 27001 SOC 2 and Cyber Essentials certifications.
Lead the preparation and coordination of external audits ensuring documentation and evidence are always audit-ready.
Create manage and maintain security and compliance frameworks including policies procedures and guidelines.
Partner with legal and our DPO on GDPR and data privacy requirements ensuring our security practices support our data protection obligations.
Align security strategy with business objectives managing risks while enabling growth.
Assist data teams with governance requirements.

DevSecOps & Engineering Partnership

Be the authority on information security within the engineering organisation ensuring security is embedded throughout the SDLC.
Work cross-functionally with engineering and platform teams to integrate security into CI/CD pipelines code review and infrastructure-as-code workflows.
Contribute to platform and infrastructure security architecture decisions providing guidance on secure design patterns and cloud security best practices.
Promote security awareness across the business including secure development practices cloud platform security and general security hygiene.

Threat Intelligence

Identify and assess emerging threats and vulnerabilities recommending actionable mitigations to reduce risk exposure.
Monitor and report on trends in the cyber threat landscape providing insights to inform organisational security decisions.
Share threat intelligence and mitigation strategies with relevant teams to enhance awareness and preparedness.

What youll bring

5 years of experience in security operations cloud security or a combined security and compliance role with a track record of owning and delivering security outcomes independently.
Strong hands-on experience with cloud security in GCP and/or AWS including working with Kubernetes Terraform/IaC and cloud-native security tooling.
Deep understanding of compliance frameworks such as ISO 27001 and SOC 2 with experience owning or significantly contributing to audit preparation and certification maintenance.
Experience with security tooling across SIEM vulnerability scanning endpoint security and cloud security posture management.
A solid understanding of DevSecOps principles and experience embedding security into the software development lifecycle.
Working knowledge of GDPR and data privacy requirements and experience partnering with legal or DPO functions.
Strong communication skills you can translate security risks into business language influence engineering teams and write documentation thats clear and actionable.
The ability to work independently manage competing priorities and exercise good judgement about where to focus your time.
A proactive mindset you spot risks early propose solutions and take ownership without being asked.

Even better if you have

Experience coordinating penetration testing programmes and managing remediation.
Familiarity with infrastructure-as-code security scanning and policy-as-code approaches.
Experience with incident response programme design or tabletop exercises.
Exposure to customer security questionnaires vendor due diligence or third-party risk assessments.
Experience working in a scaling company where youve helped build security processes and culture from the ground up.
A relevant security certification such as CISSP CISM or cloud-specific security certifications (e.g. GCP Professional Cloud Security Engineer).
Experience mentoring or growing into a people management role.
Why Prolific is a great place to work
Weve built a unique platform that connects researchers and companies with a global pool of participants enabling the collection of high-quality ethically sourced human behavioral data and feedback. This data is the cornerstone of developing more accurate nuanced and aligned AI systems.
We believe that the next leap in AI capabilities wont come solely from scaling existing models but from integrating diverse human perspectives and behaviors into AI development. By providing this crucial human data infrastructure Prolific is positioning itself at the forefront of the next wave of AI innovation one that reflects the breath and the best of humanity.
Working for us will place you at the forefront of AI innovation providing access to our unique human data platform and opportunities for groundbreaking research. Join us to enjoy a competitive salary benefits and remote working within our impactful mission-driven culture.
Links to more information on Prolific
Benefits
External Handbook
Website
Youtube
Privacy Statement
By submitting your application you agree that Prolific may collect your personal data for recruiting and global organisation planning. ProlificsCandidate Privacy Noticeexplains what personal information Prolific may process where Prolific may process your personal information its purposes for processing your personal information and the rights you can exercise over Prolific use of your personal information.