At a Glance
- Tasks: Lead SOC 2 programme, ensuring security and compliance for a cutting-edge health startup.
- Company: Join an innovative AI-driven digital health startup transforming care in the UK and US.
- Benefits: Flexible working hours, competitive pay, and the chance to shape security practices.
- Other info: Opportunity for growth in a dynamic, fast-paced environment.
- Why this job: Make a real impact on healthcare security while working with top tech leaders.
- Qualifications: Experience in SOC 2 programmes and strong knowledge of NIST SP 800-53 required.
The predicted salary is between 60,000 and 80,000 € per year.
2–3 days per week, with 1 day a week in London (City). Initial 3-month engagement (likely extension).

We have partnered with an AI-driven digital health startup that is redefining care across the UK and US. As they scale commercially and prepare for continued US growth, they are looking for a hands-on Fractional CISO to work directly alongside the CTO and take ownership of their security, governance and compliance maturity.

This is not a "strategy-only" advisory role. They need someone who can operate at Board level whilst also getting deep into controls, engineering processes, access management and audit readiness.
What you’ll be doing:
- Own the SOC 2 programme from scoping through audit delivery.
- Define the system boundary, Trust Services Criteria and evidence strategy.
- Lead Vanta implementation, continuous monitoring and audit preparation.
- Select and manage the external auditor relationship.
- Build a reusable control framework mapped across SOC 2, NIST 800-53, HIPAA, GDPR and ISO 13485.
- Mature engineering governance around secure SDLC, CI/CD, IaC, change management and release controls.
- Strengthen identity and access management across cloud infrastructure, SaaS tooling and production environments.
- Implement least-privilege access controls, PAM processes and auditable JML workflows.
- Improve Microsoft 365 / Entra ID security posture including Conditional Access, DLP and endpoint compliance.
- Drive incident response, logging, monitoring, backup and disaster recovery maturity.
- Lead third-party risk management and security reviews.
- Support enterprise customer security reviews and questionnaires with US healthcare partners.
What they’re looking for:
- Proven experience leading multiple SOC 2 Type I & II programmes end-to-end.
- Strong working knowledge of NIST SP 800-53 control families and cross-framework mapping.
- Experience within healthtech, medtech, fintech or another regulated SaaS environment.
- Hands-on understanding of cloud security, IAM, secure engineering practices and operational resilience.
- Experience working with AICPA auditors and compliance automation tooling.
- Ability to balance pragmatism with strong security standards in a fast-moving scale-up.
- Comfortable operating across engineering teams, senior leadership, enterprise customers and investors.
- CISSP, CISM or equivalent preferred.
Please apply and we will contact you to discuss the role further and your charge rate.
Fractional CISO (SOC2) in Slough. Employer: Few&Far
Join a pioneering AI-driven digital health startup that is transforming care across the UK and US, offering a dynamic work environment where your expertise as a Fractional CISO will directly impact security and compliance maturity. With a strong focus on employee growth, you will collaborate closely with senior leadership while enjoying the flexibility of a part-time role in the vibrant City of London. This is an exceptional opportunity to be part of a forward-thinking team that values hands-on contributions and fosters a culture of innovation and excellence.
StudySmarter Expert Advice
We think this is how you could land Fractional CISO (SOC2) in Slough
Tip Number 1
Network like a pro! Get out there and connect with folks in the healthtech and fintech sectors. Attend meetups, webinars, or even just grab a coffee with someone in the industry. You never know who might have the inside scoop on job openings or can put in a good word for you.
Tip Number 2
Show off your skills! When you get the chance to chat with potential employers, be ready to discuss specific projects you've led, especially around SOC 2 programmes. Bring examples of how you've implemented NIST SP 800-53 controls or improved security postures. This will help you stand out as a hands-on candidate.
Tip Number 3
Don’t forget to follow up! After any interview or networking event, shoot a quick thank-you email. It shows your enthusiasm and keeps you fresh in their minds. Plus, it’s a great opportunity to reiterate why you’re the perfect fit for the Fractional CISO role.
Some tips for your application
Tailor Your CV: Make sure your CV speaks directly to the role of Fractional CISO. Highlight your experience with SOC 2 programmes and NIST SP 800-53 controls. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're the perfect fit for this hands-on role. Share specific examples of your past successes in security governance and compliance that relate to our needs.
Show Your Passion for Healthtech: We're excited about redefining care in the health sector, so let that passion come through in your application. Mention any relevant experience in healthtech or regulated environments to show you understand the landscape.
How to prepare for a job interview at Few&Far
Know Your SOC 2 Inside Out
Make sure you’re well-versed in the SOC 2 programme, especially Type I and II readiness. Be prepared to discuss your previous experiences leading these programmes and how you can apply that knowledge to this role.
Familiarise Yourself with NIST SP 800-53
Since the environment needs to be architected against NIST SP 800-53, brush up on the control families and how they map across different frameworks. This will show your technical depth and readiness to hit the ground running.
Showcase Your Hands-On Experience
This isn’t just a strategic role; they want someone who can dive into the details. Be ready to share specific examples of how you've implemented security controls, managed access, or improved compliance in past roles.
Prepare for Board-Level Conversations
You’ll need to operate at a high level while also getting into the nitty-gritty. Think about how you can communicate complex security concepts to non-technical stakeholders and be ready to demonstrate your ability to balance both aspects.