GRC Specialist

Full-Time | 70000 - 80000 £ / year (est.) | No working from home possible
Quanta

At a Glance

  • Tasks: Manage governance, risk, and compliance programs while collaborating with various teams.
  • Company: Fast-growing B2B SaaS company focused on Microsoft 365 integration.
  • Benefits: Competitive salary, remote work, and opportunities for professional growth.
  • Other info: Work autonomously in a scaling environment with excellent career advancement potential.
  • Why this job: Join a dynamic team ensuring security and compliance in a rapidly evolving tech landscape.
  • Qualifications: Experience with GRC programs and compliance platforms like Vanta or Drata.

The predicted salary is between 70000 - 80000 £ per year.

Must have experience:

  • Experience using Vanta, Drata, Secureframe or similar compliance platforms
  • Good understanding of cloud and identity environments including Microsoft 365, Azure and Entra ID
  • Experience within Microsoft-focused SaaS environments

About the Company:

We’re partnering with a fast-growing B2B SaaS company building enterprise software deeply integrated into Microsoft 365 and Teams environments. Their platform is used by enterprise and mid-market organisations across multiple geographies, including customers operating in highly regulated industries. Security, compliance and trust are central to the company’s growth strategy and customer relationships. As the business continues to scale across enterprise markets, they’re investing further into their governance, risk and compliance capability to support both customer acquisition and long-term retention. The business already maintains key certifications including SOC 2 Type 2 and ISO 27001 and operates with a modern, automation-led compliance approach.

The Role:

This is a hands-on GRC role operating at the intersection of compliance, security and commercial operations. You’ll take ownership of the day-to-day running of the company’s governance, risk and compliance programs, working closely with leadership, external auditors, legal counsel and technical teams. The role will involve a mix of audit coordination, policy management, customer-facing security work and ongoing operational compliance management. You’ll play a key role in supporting enterprise customer trust, helping navigate complex security reviews and ensuring the organisation maintains a strong compliance posture as customer and market requirements evolve.

Responsibilities:

  • Own and operate ongoing SOC 2 Type 2 and ISO 27001 compliance programs
  • Coordinate audit cycles and work closely with external auditors
  • Manage evidence collection, remediation tracking and control monitoring
  • Operate and maintain compliance tooling such as Vanta
  • Support enterprise sales processes through security questionnaires and customer due diligence
  • Participate in customer security and compliance review calls
  • Review and support DPAs, NDAs and security-related contractual terms
  • Maintain and evolve the company’s Trust Center and public-facing compliance documentation
  • Work closely with engineering, product and leadership teams on security and compliance initiatives
  • Help shape future framework expansion across additional compliance standards

What We’re Looking For:

  • Strong experience operating GRC programs within SaaS or technology businesses
  • Hands-on knowledge of SOC 2 Type 2 and ISO 27001
  • Experience using Vanta, Drata, Secureframe or similar compliance platforms
  • Good understanding of cloud and identity environments including Microsoft 365, Azure and Entra ID
  • Practical GDPR knowledge including DPAs, DPIAs and sub-processor management
  • Experience responding to enterprise security questionnaires and customer audits
  • Ability to balance strong compliance standards with commercial pragmatism
  • Strong communication skills with the ability to engage both technical and non-technical stakeholders
  • Comfortable operating autonomously within a scaling business environment

Nice to have:

  • Experience with additional compliance frameworks such as ISO 42001, HIPAA or TISAX
  • Background supporting regulated industries including financial services or healthcare
  • Certifications such as CISA, CISM, CRISC, CIPP/E or ISO 27001 Lead Auditor

GRC Specialist employer: Quanta

As a GRC Specialist at our fast-growing B2B SaaS company, you'll be part of a dynamic team that prioritises security, compliance, and trust in a modern, automation-led environment. We offer competitive salaries, a supportive work culture that encourages professional growth, and the opportunity to work remotely from anywhere in the UK. Join us to make a meaningful impact while collaborating with industry leaders and contributing to our mission of maintaining high compliance standards across enterprise markets.

Contact Details:

Quanta Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land GRC Specialist

Tip Number 1

Network like a pro! Reach out to folks in your industry on LinkedIn or at events. A friendly chat can lead to opportunities that aren’t even advertised yet.

Tip Number 2

Show off your skills! If you’ve got experience with Vanta, Drata, or similar platforms, make sure to highlight that in conversations. Real-world examples of how you’ve used these tools can really impress.

Tip Number 3

Prepare for those tricky questions! Brush up on your knowledge of SOC 2 Type 2 and ISO 27001 compliance. Being able to discuss these frameworks confidently will set you apart from the competition.

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search!

We think you need these skills to ace GRC Specialist

GRC Program Management
Experience with Vanta, Drata, Secureframe or similar compliance platforms
SOC 2 Type 2 Compliance
ISO 27001 Compliance
Cloud and Identity Environments Knowledge
Microsoft 365 Proficiency
Azure Proficiency

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the GRC Specialist role. Highlight your experience with compliance platforms like Vanta or Drata, and showcase your understanding of cloud environments like Microsoft 365 and Azure. We want to see how your skills align with what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about governance, risk, and compliance. Share specific examples of how you've successfully managed compliance programs in the past. We love a good story that shows your expertise!

Show Off Your Communication Skills: As a GRC Specialist, you'll need to engage with both technical and non-technical stakeholders. In your application, demonstrate your strong communication skills. Whether it's through your CV or cover letter, make sure we can see how you can bridge the gap between different teams.

Apply Through Our Website: We encourage you to apply directly through our website! It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it gives you a chance to explore more about our company and culture while you’re at it!

How to prepare for a job interview at Quanta

Know Your Compliance Platforms

Make sure you’re well-versed in Vanta, Drata, Secureframe, or similar compliance tools. Be ready to discuss your hands-on experience with these platforms and how they’ve helped you manage GRC programs effectively.

Understand the Cloud Environment

Brush up on your knowledge of Microsoft 365, Azure, and Entra ID. The interviewers will likely want to know how you’ve navigated cloud and identity environments in past roles, so be prepared to share specific examples.

Showcase Your Communication Skills

You’ll need to engage with both technical and non-technical stakeholders, so practice articulating complex compliance concepts in simple terms. Think of scenarios where you successfully communicated compliance requirements to diverse teams.

Prepare for Security Reviews

Since you’ll be supporting enterprise customer trust, anticipate questions about how you handle security questionnaires and audits. Have a few success stories ready that highlight your ability to balance compliance with commercial needs.