Fractional CISO (SOC2)

Freelance 80000 - 100000 € / year (est.) Home office (partial)

At a Glance

  • Tasks: Lead SOC 2 programme, enhance security and compliance for a cutting-edge digital health startup.
  • Company: Join an innovative AI-driven digital health startup transforming care in the UK and US.
  • Benefits: Flexible working hours, competitive pay, and the chance to shape security at a growing company.
  • Other info: Dynamic role with potential for extension and significant career growth opportunities.
  • Why this job: Make a real impact on healthcare security while working with top tech leaders.
  • Qualifications: Proven experience in SOC 2, strong governance, and technical security skills required.

The predicted salary is between 80000 - 100000 € per year.

2–3 days per week, 1 day a week in London (City). Initial 3-month engagement (likely extension).

Partnered with an AI-driven digital health startup that’s redefining care across the UK and US. As they scale commercially and prepare for continued US growth, they’re looking for a hands-on Fractional CISO to work directly alongside the CTO and take ownership of their security, governance and compliance maturity. This is not a “strategy-only” advisory role: they need someone who can operate at Board level whilst also getting deep into controls, engineering processes, access management and audit readiness.

The immediate priority is leading the SOC 2 programme end-to-end, driving Type I readiness and laying the operational foundations for Type II. Crucially, the environment needs to be architected against NIST SP 800-53 from day one, so the controls implemented now can later support frameworks such as FedRAMP, TX-RAMP and broader US public-sector healthcare procurement without rework.

You’ll:

  • Own the SOC 2 programme from scoping through audit delivery
  • Define the system boundary, Trust Services Criteria and evidence strategy
  • Lead Vanta implementation, continuous monitoring and audit preparation
  • Select and manage the external auditor relationship
  • Build a reusable control framework mapped across SOC 2, NIST 800-53, HIPAA, GDPR and ISO 13485
  • Mature engineering governance around secure SDLC, CI/CD, IaC, change management and release controls
  • Strengthen identity and access management across cloud infrastructure, SaaS tooling and production environments
  • Implement least-privilege access controls, PAM processes and auditable JML workflows
  • Improve Microsoft 365 / Entra ID security posture including Conditional Access, DLP and endpoint compliance
  • Drive incident response, logging, monitoring, backup and disaster recovery maturity
  • Lead third-party risk management and security reviews
  • Support enterprise customer security reviews and questionnaires with US healthcare partners

What they’re looking for: Proven experience leading multiple SOC 2 Type I.

Fractional CISO (SOC2) employer: Few&Far

Join a pioneering AI-driven digital health startup that is transforming care across the UK and US, offering a dynamic work environment where innovation meets impact. As a Fractional CISO, you will not only shape security governance but also engage directly with leadership, fostering a culture of collaboration and continuous improvement. With opportunities for professional growth and a commitment to employee well-being, this role in London provides a unique chance to contribute to meaningful change in healthcare while advancing your career in a supportive setting.


Contact Detail:

Few&Far Recruiting Team

StudySmarter Expert Advice🤫

We think this is how you could land Fractional CISO (SOC2)

Tip Number 1

Network like a pro! Reach out to your connections in the cybersecurity and health tech sectors. Attend industry events or webinars where you can meet potential employers or colleagues. Remember, it’s all about who you know!

Tip Number 2

Showcase your skills! Create a portfolio or a case study that highlights your experience with SOC 2 programmes and security frameworks. This will give you an edge when discussing your hands-on capabilities during interviews.

Tip Number 3

Prepare for those tricky interview questions! Brush up on your knowledge of NIST SP 800-53 and be ready to discuss how you've implemented security controls in past roles. We want to see you shine!

Tip Number 4

Apply through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are proactive and engaged. Don’t miss out on this opportunity!

We think you need these skills to ace Fractional CISO (SOC2)

SOC 2 Programme Management
NIST SP 800-53
Audit Readiness
Vanta Implementation
Control Framework Development
Engineering Governance
Secure SDLC

Some tips for your application 🫡

Tailor Your CV: Make sure your CV speaks directly to the role of Fractional CISO. Highlight your experience with SOC 2, NIST SP 800-53, and any relevant governance frameworks. We want to see how your skills align with what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're the perfect fit for this hands-on role. Share specific examples of your past successes in security and compliance that relate to our needs.

Showcase Your Technical Skills: Don’t shy away from getting into the nitty-gritty! Detail your experience with engineering processes, access management, and audit readiness. We love candidates who can dive deep into the technical aspects while also thinking strategically.

Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of applications and ensures you don’t miss out on any important updates. Plus, we love seeing applications come directly from our site!

How to prepare for a job interview at Few&Far

Know Your SOC 2 Inside Out

Make sure you’re well-versed in the SOC 2 framework, especially Type I and Type II readiness. Be prepared to discuss your previous experiences leading SOC 2 programmes and how you’ve driven audit delivery. This will show that you can hit the ground running.

Demonstrate Technical Expertise

Since this role requires a hands-on approach, brush up on your knowledge of NIST SP 800-53 and how it integrates with SOC 2. Be ready to talk about specific controls you've implemented in past roles, particularly around secure SDLC and access management.

Showcase Your Leadership Skills

This position involves working closely with the CTO and operating at Board level. Prepare examples of how you’ve successfully led teams or projects in the past, particularly in high-stakes environments. Highlight your ability to communicate complex security concepts to non-technical stakeholders.

Prepare for Scenario-Based Questions

Expect questions that assess your problem-solving skills in real-world scenarios. Think about challenges you’ve faced in previous roles related to incident response or third-party risk management, and be ready to explain how you tackled them effectively.