Job Description
The AI-powered OS for beauty, wellness and self-care
About the role
Reports to: VP of Security, IT and Compliance
We’re looking for someone to own compliance end‑to‑end at Fresha. We’re already HIPAA and ISO27001 certified, we’re heading into a PCI DSS audit shortly, and later this year we’ll have GDPR and SOC 2 Type II coming up. The role is based in our dog‑friendly office in London: The Bower, 207‑122, Old Street, London EC1V 9NR.
What you’ll own
Audits and certifications
- Run the PCI DSS audit to completion, then GDPR and SOC 2 Type II this year
- Serve as the main point of contact for external auditors—scoping, evidence, walkthroughs, findings
- Maintain HIPAA and ISO 27001 compliance between recertifications
Compliance operations
- Quarterly access reviews across in‑scope systems
- Manage Sprinto: ensure controls are covered, failures are triaged quickly, and evi...