Job Title


Information Security & Compliance Specialist


Company : Develop


Location : Portsmouth, England


Created : 2026-02-07


Job Type : Full Time


Job Description

Information Security & Compliance Specialist - Portsmouth - Hybrid - Full time permanent

We are working with a fintech business specialising in subscription billing and revenue management for high-growth, usage-based companies. They are looking for their first dedicated compliance hire within the business. The role sits at the intersection of technology, risk and commercial growth, taking ownership of security and compliance frameworks while working closely with the CIO and wider engineering teams.

The foundations are already in place: cloud infrastructure is mature and a GRC platform is live. What's needed now is a hands-on specialist to own day-to-day compliance operations, maintain existing certifications, and lead the organisation through its next stage of security maturity.

Key responsibilities

Compliance ownership & framework delivery

Take full ownership of the compliance programme, maintaining PCI Level 1 and leading the delivery of SOC 2 and ISO 27001.

Act as the operational owner of Sprinto, ensuring controls remain effective, evidence is maintained, and audits are continuously 'ready'.

Work closely with the CIO to identify, document and remediate control failures across the GCP environment, including IAM, storage and access issues.

Cloud security, risk & operations

Perform ongoing security assessments across infrastructure and applications, including vulnerability testing and technical risk analysis.

Serve as the primary security incident lead, responsible for root cause analysis, coordination of remediation and post-incident review.

Maintain, test and continuously improve incident response and disaster recovery plans.

Governance, privacy & assurance

Own data protection obligations, including GDPR and CCPA, mapping and auditing data flows within the GCP environment.

Lead third-party security assessments, working with vendors to ensure ongoing alignment with security and privacy expectations.

Periodically review billing, subscriptions and payment processes to ensure alignment with fintech regulations and fair-trading standards.

Trust, enablement & culture

Treat compliance as a product: create clear internal training, guidance and 'trust bulletins' that help teams understand the why behind security controls.

Partner with marketing and commercial teams to develop a customer-facing Trust Portal, translating technical security controls into clear, credible messaging for enterprise clients.

Champion a 'compliance by design' mindset across engineering and operations.

Experience & background

2-4 years' experience in information security, GRC, IT audit or a closely related role.

Strong experience producing security documentation, policies and evidence that link compliance requirements to real technical controls.

Hands-on exposure to security testing methodologies, including vulnerability assessment and penetration testing.

Technical familiarity

Confident working within Google Cloud Platform, particularly IAM, Cloud Storage and logging/monitoring services.

Solid understanding of cloud security concepts; exposure to Kubernetes or containerised environments is highly beneficial.

Comfortable acting as a technical translator between security frameworks and engineering implementation.