Security & Compliance Lead

Prolific
Remote, UK
Posted 21 February 2026

Job Description

<h1 style="text-align: center;"><strong>Security Compliance Lead</strong></h1> <p> </p> <p style="text-align: center;"><strong>The Role</strong></p> <p>Security and compliance at Prolific aren't afterthoughts — they're foundational to how we operate. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, we take our responsibility to protect that trust seriously. We maintain certifications like ISO 27001 and SOC 2, and we're looking for someone to own and evolve our security and compliance posture as we grow.</p> <p>As Security Compliance Lead, you'll be the go-to authority on information security across the organisation. You'll own our compliance program, lead security operations, and work hands-on with engineering and platform teams to ensure security is embedded in how we build and operate — not bolted on after the fact. This means getting into the weeds of our cloud infrastructure, shaping how security fits into the SDLC, and driving a DevSecOps mindset across engineering.</p> <p>You'll report to the Head of Engineering/Platform and work cross-functionally with legal, techops, engineering, platform, and data teams. As we scale, there's a clear path for this role to grow into managing a small security function.</p> <p>This is a hands-on senior role. You won't just be writing policies — you'll be monitoring threats, responding to incidents, driving audits, reviewing cloud security posture, and shaping how Prolific approaches security as we scale across the world.</p> <p style="text-align: center;"><strong>What you'll be doing</strong></p> <p><em>Security Operations Cloud Security</em></p> <ul> <li>Monitor for security threats, vulnerabilities, and incidents across our infrastructure, applications, and tooling.</li> <li>Create, respond to, and investigate security alerts using SIEM tooling (e.g. 
Datadog), triaging and escalating as appropriate.</li> <li>Own and improve our endpoint security, vulnerability scanning (e.g. Snyk), and cloud security posture management across GCP and AWS.</li> <li>Design and implement security architectures across our cloud infrastructure, working hands-on with Kubernetes, Terraform/IaC, and cloud-native services.</li> <li>Lead incident response — minimising impact, ensuring rapid recovery, and coordinating post-incident analysis and reporting.</li> <li>Coordinate penetration testing and manage remediation of findings.</li> </ul> <p><em>Compliance Governance</em></p> <ul> <li>Take responsibility for all technical aspects of our compliance program ensuring we maintain ISO 27001, SOC 2, and Cyber Essentials certifications.</li> <li>Lead the preparation and coordination of external audits, ensuring documentation and evidence are always audit-ready.</li> <li>Create, manage, and maintain security and compliance frameworks, including policies, procedures, and guidelines.</li> <li>Partner with legal and our DPO on GDPR and data privacy requirements, ensuring our security practices support our data protection obligations.</li> <li>Align security strategy with business objectives, managing risks while enabling growth.</li> <li>Assist data teams with governance requirements.</li> </ul> <p><em>DevSecOps Engineering Partnership</em></p> <ul> <li>Be the authority on information security within the engineering organisation, ensuring security is embedded throughout the SDLC.</li> <li>Work cross-functionally with engineering and platform teams to integrate security into CI/CD pipelines, code review, and infrastructure-as-code workflows.</li> <li>Contribute to platform and infrastructure security architecture decisions, providing guidance on secure design patterns and cloud security best practices.</li> <li>Promote security awareness across the business, including secure development practices, cloud platform security, and general security 
hygiene.</li> </ul> <p><em>Threat Intelligence</em></p> <ul> <li>Identify and assess emerging threats and vulnerabilities, rec ... (truncated, view full listing at source)