beam-up - Head of Compliance
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• Personal ownership of a multi-framework certification portfolio in B2B SaaS - ISO 27001 or SOC 2 minimum, ideally with Cyber Essentials and a health or public-sector framework (NHS DSPT, HIPAA). You've run audits, evidence, and renewals yourself, not in support. • Deep working UK GDPR knowledge you can apply without reaching for references - and the judgement to take a defensible customer-facing position fast and explain its legal basis. • A track record as a calm, credible assurance operator with enterprise and public-sector buyers, holding a proportionate line on out-of-scope demands without damaging the relationship. • You lead without authority, coordinating work across peer specialists. • US public-sector exposure (GovRAMP/StateRAMP or US state privacy) to support handover to our incoming US Compliance Lead. • A health, social-care, or govtech background, with hands-on Drata (or similar) and customer trust portal experience.
Responsibilities
• Own Beam's certification portfolio end-to-end including ISO 27001, SOC 2 Type II, HIPAA, NHS DSPT, Cyber Essentials, GDPR and more, from planning and evidence to audit liaison and renewals. Three further ISO standards land March 2027; GovRAMP Core is underway in the US. • Run privacy operations: DSARs to deadline, DPIAs, the ROPA, Article 28 sub-processor governance, and breach assessment. • Lead customer assurance with enterprise and public-sector buyers (including the NHS), owning security questionnaires, due diligence, and defending Beam's positions in sales conversations. • Keep evidence continuously audit-ready in Drata, so audits are controlled, not a scramble. • Build the runbooks and cross-training that make the practice resilient. • Deputise for the CIRO on compliance decisions and escalations, setting the standard across Trust & Safety.
No credit card. Takes 10 seconds.