Head of Compliance

At Beam, you get to do work that matters for the world. We’re solving the world's toughest social problems with an incredible team, tech and AI. And we’re growing fast. Join a company at the forefront of social impact, driving first‑of‑its‑kind positive change. You’ll be part of a high‑performance culture where you'll make a huge impact, rapidly progress your career, and truly enjoy your work. From top‑tier coaching and personal development budgets to competitive salaries, we take care of everyone who works at Beam.

As Head of Compliance, you'll run the operational heart of Beam's compliance function: a multi‑certification portfolio, the privacy practice alongside Legal, and the customer‑assurance front line with enterprise and public‑sector buyers. This is a hands‑on operator's role - on the audits, the processes, and the buyer conversations. You’ll join Trust & Safety, reporting to our Chief Information Risk Officer (CIRO) on a deliberately flat team: a Junior Compliance Analyst and three incoming senior hires (Information Security Operations, Management Systems & Risk, and US Compliance Leads). You'll start as a senior individual contributor with a clear path to building and leading a team as we grow, and you'll act as the CIRO's deputy on compliance matters.

What you'll do:

• Own Beam's certification portfolio end‑to‑end including ISO 27001, SOC 2 Type II, HIPAA, NHS DSPT, Cyber Essentials, GDPR and more, from planning and evidence to audit liaison and renewals. Three further ISO standards land March 2027; GovRAMP Core is underway in the US.
• Run privacy operations: DSARs to deadline, DPIAs, the ROPA, Article 28 sub‑processor governance, and breach assessment.
• Lead customer assurance with enterprise and public‑sector buyers (including the NHS), owning security questionnaires, due diligence, and defending Beam's positions in sales conversations.
• Keep evidence continuously audit‑ready in Drata, so audits are controlled, not a scramble.
• Build the runbooks and cross‑training that make the practice resilient.
• Deputise for the CIRO on compliance decisions and escalations, setting the standard across Trust & Safety.

What you'll need:

• Personal ownership of a multi‑framework certification portfolio in B2B SaaS - ISO 27001 or SOC 2 minimum, ideally with Cyber Essentials and a health or public‑sector framework (NHS DSPT, HIPAA).
• You've run audits, evidence, and renewals yourself, not in support.
• Deep working UK GDPR knowledge you can apply without reaching for references - and the judgement to take a defensible customer‑facing position fast and explain its legal basis.
• A track record as a calm, credible assurance operator with enterprise and public‑sector buyers, holding a proportionate line on out‑of‑scope demands without damaging the relationship.

Nice to have:

• You lead without authority, coordinating work across peer specialists.
• US public‑sector exposure (GovRAMP/StateRAMP or US state privacy) to support handover to our incoming US Compliance Lead.
• A health, social‑care, or govtech background, with hands‑on Drata (or similar) and customer trust portal experience.

Reasonable adjustments: Beam is committed to fostering an inclusive, diverse, and supportive work environment for all employees. This policy extends to our hiring practices. We recognise that some candidates may need additional support during their hiring process to give them the best chance of being a success. To ensure that all candidates have an equitable opportunity during their process, we are committed to providing reasonable adjustments where required. Please be reassured that any reasonable adjustment requests will not be taken into account when making a decision about your candidacy.