
Technical Head of Compliance

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: Fresha
Full Time position
Listed on 2026-06-20
Job specializations:
  • IT/Tech
    Data Security, Cybersecurity, IT Support, Information Security
Salary/Wage Range or Industry Benchmark: 80,000 - 100,000 GBP yearly
Job Description & How to Apply Below
Location: Greater London

The AI-powered OS for beauty, wellness and self-care.

About Fresha

Fresha is the AI-powered operating system for the global beauty, wellness and self-care industry, connecting and powering everything from salons and barbers to spas, medspas, fitness studios and health practices.

Trusted by millions of consumers and businesses worldwide. Fresha is used by 140,000+ businesses and 450,000+ stylists and professionals worldwide, processing over 1 billion appointments to date.

The company is headquartered in London, United Kingdom, with 15 global offices located across North America, EMEA and APAC.

Fresha allows consumers to discover, book and pay for beauty and wellness appointments with local businesses via its marketplace, while beauty and wellness businesses and professionals use an all-in-one platform to manage their entire operations with an intuitive business software and financial technology solutions.

Fresha’s ecosystem gives merchants everything they need to run their business seamlessly by facilitating appointment bookings, point-of-sale, customer records management, marketing automation, loyalty, beauty products inventory and team management.

The consumer marketplace unlocks revenue potential for partner businesses by leveraging the power of online bookings and automated marketing through mobile apps and advanced integrations with major tech brands including Instagram, Facebook and Google.

About the role

Reports to: VP of Security, IT and Compliance

We're looking for someone to own compliance end-to-end. We're already HIPAA and ISO 27001 certified, we're heading into a PCI DSS audit shortly, and later this year we've got GDPR and SOC 2 Type II coming up. That's a lot of parallel work, and we need someone who can run it without constant hand-holding.

Today one person covers the day-to-day compliance operations. You'll take over that function, grow it, and broaden its scope into data protection, vendor risk, and policy. You won't be starting from scratch — there's a working Sprinto setup, an access review cadence, and a vulnerability management process — but you'll be expected to take it to the next level.

We expect the person in this role to run a modern, automated compliance function. The volume of work across five frameworks does not scale with headcount alone — it scales with good tooling, good automation, and sensible use of AI.

To foster a collaborative environment that thrives on face-to-face interactions and teamwork, this role will be based in our dog-friendly office 5 days per week in London: The Bower, 207-122, Old Street, London EC1V 9NR.

What you'll own

Audits and certifications

  • Run the PCI DSS audit to completion, then GDPR and SOC 2 Type II this year
  • Be the main point of contact for external auditors — scoping, evidence, walkthroughs, findings
  • Keep HIPAA and ISO 27001 in good shape between recertifications

Compliance operations

  • Quarterly access reviews across in-scope systems
  • Sprinto: make sure controls are covered, failures are triaged quickly, and evidence is current
  • Vulnerability management: track closure against agreed SLAs and chase what's drifting
  • Own the compliance risk register — keep it current, get it reviewed on a regular cadence, and make sure it actually informs decisions rather than just sitting there for auditors

Data protection

  • Handle Subject Access Requests and Data Access Requests end-to-end
  • Keep the GDPR ROPA accurate as systems, vendors, and data flows change
  • Own and enforce data retention — not just on paper, but actually in the systems

Vendor and third-party risk

  • Review new vendors before they're onboarded — security posture, data handling, DPAs
  • Reassess critical and high-risk vendors on a regular cycle
  • Keep the vendor inventory, DPAs, and sub-processor lists tidy and audit-ready

Policy and awareness

  • Write new policies and update existing ones as our environment, regulations, and business change
  • Make sure policies are usable, understood, and actually followed — not shelfware
  • Own the compliance and privacy training programme: annual training, role-specific training for engineers handling PHI or cardholder data, and whatever else our frameworks demand

Automation and AI

  • Look at every…