At a Glance
- Tasks: Own compliance operations and enhance security frameworks in a dynamic fintech environment.
- Company: Join a cutting-edge fintech company focused on subscription billing and revenue management.
- Benefits: Enjoy a hybrid work model, competitive salary, and opportunities for professional growth.
- Why this job: Make a real impact on security and compliance while working with innovative technologies.
- Qualifications: 2-4 years in information security or related fields; strong documentation and testing skills required.
- Other info: Be part of a culture that values trust, collaboration, and continuous improvement.
We are working with a fintech business specialising in subscription billing and revenue management for high-growth, usage-based companies. They are looking for their first dedicated compliance hire within the business. The role sits at the intersection of technology, risk and commercial growth, taking ownership of security and compliance frameworks while working closely with the CIO and wider engineering teams. The foundations are already in place: cloud infrastructure is mature and a GRC platform is live. What’s needed now is a hands-on specialist to own day-to-day compliance operations, maintain existing certifications, and lead the organisation through its next stage of security maturity.
Key responsibilities
- Compliance ownership & framework delivery
  - Take full ownership of the compliance programme, maintaining PCI Level 1 and leading the delivery of SOC 2 and ISO 27001.
  - Act as the operational owner of Sprinto, ensuring controls remain effective, evidence is maintained, and audits are continuously 'ready'.
  - Work closely with the CIO to identify, document and remediate control failures across the GCP environment, including IAM, storage and access issues.
- Cloud security, risk & operations
  - Perform ongoing security assessments across infrastructure and applications, including vulnerability testing and technical risk analysis.
  - Serve as the primary security incident lead, responsible for root cause analysis, coordination of remediation and post-incident review.
  - Maintain, test and continuously improve incident response and disaster recovery plans.
- Governance, privacy & assurance
  - Own data protection obligations, including GDPR and CCPA, mapping and auditing data flows within the GCP environment.
  - Lead third-party security assessments, working with vendors to ensure ongoing alignment with security and privacy expectations.
  - Periodically review billing, subscriptions and payment processes to ensure alignment with fintech regulations and fair-trading standards.
- Trust, enablement & culture
  - Treat compliance as a product: create clear internal training, guidance and 'trust bulletins' that help teams understand the why behind security controls.
  - Partner with marketing and commercial teams to develop a customer-facing Trust Portal, translating technical security controls into clear, credible messaging for enterprise clients.
  - Champion a 'compliance by design' mindset across engineering and operations.
Experience & background
- 2-4 years’ experience in information security, GRC, IT audit or a closely related role.
- Strong experience producing security documentation, policies and evidence that link compliance requirements to real technical controls.
- Hands-on exposure to security testing methodologies, including vulnerability assessment and penetration testing.
Technical familiarity
- Confident working within Google Cloud Platform, particularly IAM, Cloud Storage and logging/monitoring services.
- Solid understanding of cloud security concepts; exposure to Kubernetes or containerised environments is highly beneficial.
- Comfortable acting as a technical translator between security frameworks and engineering implementation.
Information Security & Compliance Specialist in Portsmouth
Employer: Develop
Contact Detail: Develop Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Information Security & Compliance Specialist role in Portsmouth
✨Tip Number 1
Network like a pro! Reach out to folks in the fintech space, especially those who are already in compliance roles. Attend industry meetups or webinars to make connections and learn about potential job openings that might not be advertised.
✨Tip Number 2
Show off your skills! Prepare a portfolio or case studies that highlight your experience with compliance frameworks like PCI Level 1, SOC 2, and ISO 27001. This will help you stand out during interviews and demonstrate your hands-on expertise.
✨Tip Number 3
Practice makes perfect! Conduct mock interviews with friends or use online platforms to refine your responses. Focus on articulating how you've tackled compliance challenges in the past and how you can contribute to the company's security maturity.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, it shows you're genuinely interested in joining our team and contributing to our mission in the fintech world.
Some tips for your application 🫡
Show Your Passion for Compliance: When writing your application, let us see your enthusiasm for compliance and security. Share any relevant experiences or projects that highlight your commitment to maintaining high standards in information security.
Tailor Your CV and Cover Letter: Make sure to customise your CV and cover letter to reflect the specific requirements of the Information Security & Compliance Specialist role. Use keywords from the job description to demonstrate that you understand what we’re looking for.
Highlight Your Technical Skills: Don’t forget to showcase your technical skills, especially your experience with Google Cloud Platform and security testing methodologies. We want to know how you can contribute to our compliance programme right from the start!
Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates from our team.
How to prepare for a job interview at Develop
✨Know Your Compliance Frameworks
Make sure you’re well-versed in PCI Level 1, SOC 2, and ISO 27001. Brush up on the specifics of these frameworks and be ready to discuss how you've applied them in past roles. This will show that you understand the compliance landscape and can hit the ground running.
✨Demonstrate Technical Familiarity
Since the role involves working with Google Cloud Platform, be prepared to talk about your hands-on experience with IAM, Cloud Storage, and security testing methodologies. Share specific examples of how you've conducted vulnerability assessments or managed security incidents in the past.
✨Showcase Your Communication Skills
This position requires translating complex security concepts into understandable terms for non-technical teams. Prepare to give examples of how you've successfully communicated compliance requirements or security protocols to different stakeholders, including marketing and engineering teams.
✨Emphasise a 'Compliance by Design' Mindset
Be ready to discuss how you can integrate compliance into the product development lifecycle. Share ideas on how you would create training materials or guidance to help teams understand the importance of security controls, demonstrating your proactive approach to fostering a culture of compliance.