Company hidden
1 day ago

Head of Compliance

Work format
onsite
Employment type
fulltime
Grade
head
English
b2
Country
UK
Vacancy from the Hirify RU Global list (companies with Eastern European roots)

Job description


TL;DR

Head of Compliance: Own end-to-end compliance operations across the PCI DSS, GDPR, SOC 2 Type II, HIPAA, and ISO 27001 frameworks, with an emphasis on audits, data protection, vendor risk, and policy management. Focus on automating recurring tasks, scaling with tooling and AI, and keeping each framework audit-ready without constant manual oversight.

Location: On-site 5 days per week in London office (The Bower, 207-122 Old Street, London EC1V 9NR)

Company

AI-powered operating system for the global beauty, wellness, and self-care industry, trusted by 140,000+ businesses and processing over 1 billion appointments.

What you will do

  • Run the PCI DSS audit to completion, followed by GDPR and SOC 2 Type II, while maintaining HIPAA and ISO 27001.
  • Manage compliance operations including quarterly access reviews, Sprinto controls, vulnerability management, and risk register.
  • Handle data protection tasks like Subject Access Requests, GDPR ROPA accuracy, and data retention enforcement.
  • Oversee vendor risk assessments, onboarding reviews, and inventory maintenance.
  • Develop and update policies, deliver compliance training programs.
  • Automate processes using Sprinto, scripts, workflows, and AI tools like LLMs for evidence collection and analysis.

Requirements

  • Experience leading compliance through at least two of the PCI DSS, SOC 2, ISO 27001, HIPAA, or GDPR frameworks.
  • Direct experience dealing with auditors on scoping, evidence, walkthroughs, and findings.
  • Hands-on with Sprinto, tickets, policy drafts, and vendor reviews.
  • Fluent with AI tools, automation, scripting against APIs, and building workflows.
  • Ability to communicate effectively between engineers and auditors.

Nice to have

  • Experience with GRC tooling beyond Sprinto.
  • DPO or DPO-adjacent work.
  • Payments regulatory exposure.
  • Track record of reducing manual compliance work through automation.

Culture & Benefits

  • Collaborative environment emphasizing face-to-face interactions and teamwork in a dog-friendly London office.
  • One direct report from day one, with opportunity to grow the team.
  • Close collaboration with Security, IT, Legal, Engineering, and People teams.

Hiring process

  • Screen stage: Video call with Talent Team (45-60 min).
  • 1st stage: Interview with VP of Security, IT & Compliance (60 min).
  • Final stage: Video interviews with CTO (60 min) and Head of Talent (30 min).

Be careful: if an employer asks you to log in to their system using iCloud/Google, to send a code or password, or to run code or software, do not do it; these are scammers. Be sure to click "Report" or contact support. More in the guide →