At a Glance
- Tasks: Lead compliance efforts and manage audits for key frameworks like PCI DSS and GDPR.
- Company: Join Fresha, an innovative AI-powered platform in beauty and wellness.
- Benefits: Enjoy a dog-friendly office, competitive salary, and opportunities for professional growth.
- Other info: Collaborate with diverse teams in an inclusive environment that values all backgrounds.
- Why this job: Make a real impact on compliance while working with cutting-edge technology.
- Qualifications: Experience with compliance frameworks and a hands-on approach to tasks.
The predicted salary is between £70,000 and £90,000 per year.
The AI-powered OS for beauty, wellness and self-care.
About the role:
Reports to: VP of Security, IT and Compliance.
We’re looking for someone to own compliance end‑to‑end at Fresha. We’re already HIPAA and ISO27001 certified, we’re heading into a PCI DSS audit shortly, and later this year we’ll have GDPR and SOC 2 Type II coming up. The role is based in our dog‑friendly office in London: The Bower, 207‑122, Old Street, London EC1V 9NR.
What you’ll own:
- Audits and certifications: Run the PCI DSS audit to completion, then GDPR and SOC 2 Type II this year. Serve as the main point of contact for external auditors—scoping, evidence, walkthroughs, findings. Maintain HIPAA and ISO 27001 compliance between recertifications.
- Compliance operations: Quarterly access reviews across in‑scope systems. Manage Sprinto: ensure controls are covered, failures are triaged quickly, and evidence is current. Track vulnerability management closure against agreed SLAs and chase any drifts. Own the compliance risk register—keep it current, review it regularly, and ensure it informs decisions rather than sitting for auditors.
- Data protection: Handle Subject Access Requests and Data Access Requests end‑to‑end. Keep the GDPR ROPA accurate as systems, vendors, and data flows change. Enforce data retention in the systems—beyond paper policies.
- Vendor and third‑party risk: Review new vendors before onboarding—security posture, data handling, DPAs. Reassess critical and high‑risk vendors on a regular cycle. Maintain a tidy, audit‑ready vendor inventory, DPAs, and sub‑processor lists.
- Policy and awareness: Write new policies and update existing ones as the environment, regulations, and business change. Ensure policies are usable, understood, and followed—avoid shelfware. Own the compliance and privacy training programme: annual training, role‑specific training for engineers handling PHI or cardholder data, and any framework‑required training.
- Automation and AI: Identify recurring tasks and eliminate unnecessary manual work—evidence collection, control testing, access review workflows, vendor questionnaire triage, SAR data discovery, policy drafting, ROPA upkeep. Push Sprinto and adjacent tooling to the limit, supplementing gaps with scripts, workflows, or AI where appropriate. Use LLMs sensibly for drafting, review, and first‑pass analysis—knowing when human sign‑off is required, especially for regulator or auditor submissions. Treat the function’s operating model as a product—reduce manual rituals each quarter, not increase them.
What we’re looking for:
- Experience leading compliance through at least a couple of these frameworks (PCI DSS, SOC 2, ISO 27001, HIPAA, GDPR). PCI DSS and GDPR experience is especially valuable at this time.
- Direct experience with auditors and confidence in challenging scope or findings that are off.
- Hands‑on mindset—working in Sprinto, tickets, policy drafts, and vendor reviews rather than delegating all tasks.
- Fluency with AI tools and building automation—whether Sprinto workflows, scripting against APIs, or using LLMs—while knowing when to engage an engineer for proper implementation.
- Ability to translate between engineers and auditors without friction.
- Optional bonus: GRC tooling beyond Sprinto, DPO or DPO‑adjacent work, payments regulatory exposure, or a proven track record of reducing manual compliance work through automation.
How you’ll work:
You’ll have one direct report from day one, with growth as workload justifies. You’ll collaborate closely with Security, IT, Legal, Engineering, and People teams. Expect to spend significant time with auditors during audit windows and with engineering and vendor teams the rest of the year.
Inclusive workforce:
At Fresha, we foster a culture where individuals from all backgrounds feel comfortable and empowered. Everyone who applies will receive fair consideration for employment. We do not discriminate based on race, colour, religion, sex, sexual orientation, age, marital status, gender identity, national origin, disability, or any other legally protected characteristic in the location where the candidate is applying. If you have any accessibility requirements for the interview process or upon joining, please let us know so we can support you.
Head of Compliance employer: Fresha
Contact Detail:
Fresha Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Head of Compliance
✨Tip Number 1
Network like a pro! Reach out to folks in the compliance field on LinkedIn or at industry events. A friendly chat can lead to insider info about job openings that aren't even advertised yet.
✨Tip Number 2
Prepare for those interviews! Research Fresha and its compliance needs, especially around PCI DSS and GDPR. Show us you know your stuff and how you can tackle our challenges head-on.
✨Tip Number 3
Practice your pitch! Be ready to explain your experience with compliance frameworks and how you've handled audits before. We want to hear how you can make a difference at Fresha!
✨Tip Number 4
Apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows us you're genuinely interested in joining our team.
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with compliance frameworks like PCI DSS and GDPR. We want to see how your skills align with what we’re looking for!
Showcase Your Hands-On Experience: We love candidates who get stuck in! Share specific examples of how you've managed audits or worked directly with auditors. This will show us you’re not just about delegating tasks.
Be Clear and Concise: When writing your application, keep it straightforward. Use clear language to explain your experience and avoid jargon unless it’s relevant. We appreciate clarity as much as compliance!
Apply Through Our Website: Don’t forget to submit your application through our website! It’s the best way for us to receive your details and ensures you’re considered for the role. We can’t wait to hear from you!
How to prepare for a job interview at Fresha
✨Know Your Compliance Frameworks
Make sure you’re well-versed in PCI DSS, SOC 2, ISO 27001, HIPAA, and GDPR. Be ready to discuss your hands-on experience with these frameworks and how you've navigated audits in the past. This will show that you can hit the ground running.
✨Showcase Your Audit Experience
Prepare specific examples of your interactions with auditors. Highlight times when you’ve challenged findings or scoped audits effectively. This demonstrates your confidence and ability to manage external relationships, which is crucial for this role.
✨Demonstrate Your Hands-On Mindset
Talk about your direct involvement in compliance tasks like policy drafting, vendor reviews, and using tools like Sprinto. Show that you’re not just a delegator but someone who gets into the nitty-gritty of compliance operations.
✨Emphasise Automation Skills
Discuss your experience with AI tools and automation in compliance processes. Be prepared to share examples of how you’ve reduced manual work through technology, as this aligns perfectly with the expectations for the role at Fresha.