Fractional CISO (SOC2) in London

London Full-Time 60000 - 80000 € / year (est.) No home office possible
At a Glance

  • Tasks: Lead SOC 2 programme, ensuring security and compliance for a cutting-edge health startup.
  • Company: Join an innovative AI-driven digital health startup transforming care in the UK and US.
  • Benefits: Flexible working days, competitive pay, and the chance to shape security practices.
  • Other info: Opportunity for extension and growth in a dynamic, fast-paced environment.
  • Why this job: Make a real impact on healthcare security while working with top tech leaders.
  • Qualifications: Experience in SOC 2 programmes and strong knowledge of NIST SP 800-53 required.

The predicted salary is between 60000 - 80000 € per year.

2–3 days per week, 1 day a week in London (City). Initial 3-month engagement (likely extension). Partnered with an AI-driven digital health startup that’s redefining care across the UK and US. As they scale commercially and prepare for continued US growth, they’re looking for a hands-on Fractional CISO to work directly alongside the CTO and take ownership of their security, governance and compliance maturity. This is not a “strategy-only” advisory role. They need someone who can operate at Board level whilst also getting deep into controls, engineering processes, access management and audit readiness.

The immediate priority is leading the SOC 2 programme end-to-end, driving Type I readiness and laying the operational foundations for Type II. Crucially, the environment needs to be architected against NIST SP 800-53 from day one, so the controls implemented now can later support frameworks such as FedRAMP, TX-RAMP and broader US public-sector healthcare procurement without rework.

You’ll:

  • Own the SOC 2 programme from scoping through audit delivery
  • Define the system boundary, Trust Services Criteria and evidence strategy
  • Lead Vanta implementation, continuous monitoring and audit preparation
  • Select and manage the external auditor relationship
  • Build a reusable control framework mapped across SOC 2, NIST 800-53, HIPAA, GDPR and ISO 13485
  • Mature engineering governance around secure SDLC, CI/CD, IaC, change management and release controls
  • Strengthen identity and access management across cloud infrastructure, SaaS tooling and production environments
  • Implement least-privilege access controls, PAM processes and auditable JML workflows
  • Improve Microsoft 365 / Entra ID security posture including Conditional Access, DLP and endpoint compliance
  • Drive incident response, logging, monitoring, backup and disaster recovery maturity
  • Lead third-party risk management and security reviews
  • Support enterprise customer security reviews and questionnaires with US healthcare partners

What they’re looking for:

  • Proven experience leading multiple SOC 2 Type I & II programmes end-to-end
  • Strong working knowledge of NIST SP 800-53 control families and cross-framework mapping
  • Experience within healthtech, medtech, fintech or another regulated SaaS environment
  • Hands-on understanding of cloud security, IAM, secure engineering practices and operational resilience
  • Experience working with AICPA auditors and compliance automation tooling
  • Ability to balance pragmatism with strong security standards in a fast-moving scale-up
  • Comfortable operating across engineering teams, senior leadership, enterprise customers and investors
  • CISSP, CISM or equivalent preferred

Please apply and we will contact you to discuss the role further, including your charge rate.

Fractional CISO (SOC2) in London employer: Few&Far

Join a pioneering AI-driven digital health startup that is transforming care across the UK and US, offering a dynamic work environment where your expertise as a Fractional CISO will directly impact security and compliance maturity. With a strong focus on employee growth, you will collaborate closely with the CTO and have the opportunity to shape governance frameworks while enjoying a flexible work schedule of 2-3 days per week, including one day in the vibrant City of London. This role not only provides meaningful challenges but also positions you at the forefront of innovation in the healthtech sector, making it an exceptional place for professionals seeking rewarding employment.

Contact Detail:

Few&Far Recruiting Team

StudySmarter Expert Advice🤫

We think this is how you could land Fractional CISO (SOC2) in London

Tip Number 1

Network like a pro! Get out there and connect with folks in the healthtech and fintech sectors. Attend meetups, webinars, or industry events where you can chat with potential employers and showcase your expertise.

Tip Number 2

Don’t just sit back and wait for job offers to roll in. Be proactive! Reach out directly to companies you admire, especially those in the AI-driven digital health space. A friendly email or LinkedIn message can go a long way.

Tip Number 3

Prepare for interviews by brushing up on your SOC 2 knowledge and NIST SP 800-53 controls. Be ready to discuss how you’ve led similar programmes in the past and how you can bring that experience to the table.

Tip Number 4

Finally, apply through our website! We’re always on the lookout for talented individuals like you. Plus, it’s a great way to ensure your application gets the attention it deserves.

We think you need these skills to ace Fractional CISO (SOC2) in London

SOC 2 Programme Management
NIST SP 800-53
Cloud Security
Identity and Access Management (IAM)
Secure Software Development Life Cycle (SDLC)
Continuous Integration/Continuous Deployment (CI/CD)
Infrastructure as Code (IaC)

Some tips for your application 🫡

Tailor Your CV: Make sure your CV speaks directly to the role of Fractional CISO. Highlight your experience with SOC 2 programmes and NIST SP 800-53 controls. We want to see how your skills align with what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Share your passion for security and compliance, and explain why you're the perfect fit for our AI-driven digital health startup. Let us know how you can contribute to our mission.

Showcase Relevant Experience: When detailing your past roles, focus on your hands-on experience in leading SOC 2 Type I & II programmes. We love seeing concrete examples of how you've driven security initiatives and improved governance in previous positions.

Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of applications and ensures you don’t miss out on any important updates from us!

How to prepare for a job interview at Few&Far

Know Your SOC 2 Inside Out

Make sure you’re well-versed in the SOC 2 programme, especially Type I and II readiness. Be prepared to discuss your previous experiences leading similar programmes and how you can apply that knowledge to this role.

Familiarise Yourself with NIST SP 800-53

Since the role requires a strong understanding of NIST SP 800-53, brush up on the control families and be ready to explain how you would implement these controls in a practical setting. This will show your depth of knowledge and readiness to hit the ground running.

Showcase Your Hands-On Experience

This isn’t just a strategic role; they want someone who can get into the nitty-gritty. Prepare examples of how you’ve managed engineering processes, access management, and audit readiness in past roles. Highlight your hands-on approach to security.

Prepare for Technical Questions

Expect technical questions about cloud security, IAM, and secure engineering practices. Brush up on your knowledge of Microsoft 365 / Entra ID security posture and be ready to discuss how you would improve it. This will demonstrate your technical expertise and problem-solving skills.