At a Glance
- Tasks: Build and lead the security and compliance function from scratch in a fast-growing startup.
- Company: Exciting cybersecurity startup with a focus on innovation and growth.
- Benefits: Equity, wellness budget, hybrid working, and a clear path to CISO.
- Other info: Join a small, close-knit team and own an important function from day one.
- Why this job: Make a real impact by shaping security policies and processes in a dynamic environment.
- Qualifications: Hands-on experience with SOC 2 and ISO 27001 certifications and compliance platforms.
The predicted salary is between 70000 - 90000 £ per year.
Location: London (hybrid, flexible on office days)
Type: Permanent, full-time
About the role
A fast-growing cybersecurity startup is making its first dedicated security and compliance hire. The company sells into large enterprises, where certifications come up in every sales conversation. ISO 27001, SOC 2 and a strong security posture have become a condition of doing business. No one owns this internally yet, and it's starting to hold deals up. This role takes ownership of it. You'll build the security and compliance function from scratch: set up the tooling, write the policies, and take the company through certification to audit. As a cyber company, internal security has to be genuinely strong here, not signed off on paper, so the work matters beyond the badge. It's a hands-on, individual contributor role for someone with the judgment to think a step ahead. For the right person, there's a clear path to CISO as the company grows.
Key responsibilities
- Set up and configure the compliance platform (likely Drata or Vanta) from the ground up.
- Lead the company through SOC 2 Type 1, SOC 2 Type 2, and ISO 27001, end-to-end and through audit.
- Write and embed the security policies, controls, and processes that don't yet exist.
- Strengthen the internal security posture and close gaps as you find them.
- Build security controls into the infrastructure, sequenced around a planned migration from GCP to AWS.
- Shape where the company's security and compliance go next.
What we're looking for
- Hands‑on experience running SOC 2 and ISO 27001 yourself, end-to-end and through audit.
- Proven set‑up of a compliance platform, such as Drata or Vanta, from scratch.
- A security engineering background, with enough IT exposure to work across both.
- Comfortable writing policy and building process in an early‑stage environment where neither exists yet.
- Ideally, experience doing this in a smaller team where you did the hands‑on work yourself.
- Backgrounds in fintech, cybersecurity, or other regulated industries will translate best.
What's on offer
- Meaningful equity from an early stage.
- Wellness budget.
- Hybrid working with genuine flexibility on office days.
- A small, close‑kitted team and the chance to own an important function from day one, with a path to CISO.
How to apply
If you've taken a company through certification before and want to do it again as the first dedicated security hire, apply with your CV or get in touch for a confidential chat.
Founding Security & Compliance Engineer in London employer: rmg digital
Join a fast-growing cybersecurity startup in London, where you will have the unique opportunity to build the security and compliance function from the ground up. With a strong emphasis on employee growth, meaningful equity, and a flexible hybrid working model, this role offers a clear path to CISO as the company expands. Be part of a close-knit team that values hands-on contributions and fosters a culture of genuine security integrity.
