Prolific Logo

Security & Compliance Lead

🇬🇧 United Kingdom - Remote
🔒 Cybersecurity🟣 Senior

Job Description

Security & Compliance Lead

The Role

Security and compliance at Prolific aren’t afterthoughts — they’re foundational to how we operate. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, we take our responsibility to protect that trust seriously. We maintain certifications like ISO 27001 and SOC 2, and we’re looking for someone to own and evolve our security and compliance posture as we grow.

As Security & Compliance Lead, you’ll be the go-to authority on information security across the organisation. You’ll own our compliance program, lead security operations, and work hands-on with engineering and platform teams to ensure security is embedded in how we build and operate — not bolted on after the fact. This means getting into the weeds of our cloud infrastructure, shaping how security fits into the SDLC, and driving a DevSecOps mindset across engineering.

You’ll report to the Head of Engineering/Platform and work cross-functionally with legal, techops,  engineering, platform, and data teams. As we scale, there’s a clear path for this role to grow into managing a small security function.

This is a hands-on senior role. You won’t just be writing policies — you’ll be monitoring threats, responding to incidents, driving audits, reviewing cloud security posture, and shaping how Prolific approaches security as we scale across the world.

What you’ll be doing

Security Operations & Cloud Security

  • Monitor for security threats, vulnerabilities, and incidents across our infrastructure, applications, and tooling.
  • Create, respond to, and investigate security alerts using SIEM tooling (e.g. Datadog), triaging and escalating as appropriate.
  • Own and improve our endpoint security, vulnerability scanning (e.g. Snyk), and cloud security posture management across GCP and AWS.
  • Design and implement security architectures across our cloud infrastructure, working hands-on with Kubernetes, Terraform/IaC, and cloud-native services.
  • Lead incident response — minimising impact, ensuring rapid recovery, and coordinating post-incident analysis and reporting.
  • Coordinate penetration testing and manage remediation of findings.

Compliance & Governance

  • Take responsibility for all technical aspects of our compliance program ensuring we maintain ISO 27001, SOC 2, and Cyber Essentials certifications.
  • Lead the preparation and coordination of external audits, ensuring documentation and evidence are always audit-ready.
  • Create, manage, and maintain security and compliance frameworks, including policies, procedures, and guidelines.
  • Partner with legal and our DPO on GDPR and data privacy requirements, ensuring our security practices support our data protection obligations.
  • Align security strategy with business objectives, managing risks while enabling growth.
  • Assist data teams with governance requirements.

DevSecOps & Engineering Partnership

  • Be the authority on information security within the engineering organisation, ensuring security is embedded throughout the SDLC.
  • Work cross-functionally with engineering and platform teams to integrate security into CI/CD pipelines, code review, and infrastructure-as-code workflows.
  • Contribute to platform and infrastructure security architecture decisions, providing guidance on secure design patterns and cloud security best practices.
  • Promote security awareness across the business, including secure development practices, cloud platform security, and general security hygiene.

Threat Intelligence

  • Identify and assess emerging threats and vulnerabilities, recommending actionable mitigations to reduce risk exposure.
  • Monitor and report on trends in the cyber threat landscape, providing insights to inform organisational security decisions.
  • Share threat intelligence and mitigation strategies with relevant teams to enhance awareness and preparedness.

What you’ll bring

  • 5+ years of experience in security operations, cloud security, or a combined security and compliance role, with a track record of owning and delivering security outcomes independently.
  • Strong hands-on experience with cloud security in GCP and/or AWS, including working with Kubernetes, Terraform/IaC, and cloud-native security tooling.
  • Deep understanding of compliance frameworks such as ISO 27001 and SOC 2, with experience owning or significantly contributing to audit preparation and certification maintenance.
  • Experience with security tooling across SIEM, vulnerability scanning, endpoint security, and cloud security posture management.
  • A solid understanding of DevSecOps principles and experience embedding security into the software development lifecycle.
  • Working knowledge of GDPR and data privacy requirements, and experience partnering with legal or DPO functions.
  • Strong communication skills — you can translate security risks into business language, influence engineering teams, and write documentation that’s clear and actionable.
  • The ability to work independently, manage competing priorities, and exercise good judgement about where to focus your time.
  • A proactive mindset — you spot risks early, propose solutions, and take ownership without being asked.

Even better if you have

  • Experience coordinating penetration testing programmes and managing remediation.
  • Familiarity with infrastructure-as-code security scanning and policy-as-code approaches.
  • Experience with incident response programme design or tabletop exercises.
  • Exposure to customer security questionnaires, vendor due diligence, or third-party risk assessments.
  • Experience working in a scaling company where you’ve helped build security processes and culture from the ground up.
  • A relevant security certification such as CISSP, CISM, or cloud-specific security certifications (e.g. GCP Professional Cloud Security Engineer).
  • Experience mentoring or growing into a people management role.

Why Prolific is a great place to work

We’ve built a unique platform that connects researchers and companies with a global pool of participants, enabling the collection of high-quality, ethically sourced human behavioral data and feedback. This data is the cornerstone of developing more accurate, nuanced, and aligned AI systems.

We believe that the next leap in AI capabilities won’t come solely from scaling existing models, but from integrating diverse human perspectives and behaviors into AI development. By providing this crucial human data infrastructure, Prolific is positioning itself at the forefront of the next wave of AI innovation – one that reflects the breath and the best of humanity.

Working for us will place you at the forefront of AI innovation, providing access to our unique human data platform and opportunities for groundbreaking research. Join us to enjoy a competitive salary, benefits, and remote working within our impactful, mission-driven culture.

Links to more information on Prolific

Benefits

External Handbook

Website

Youtube

Privacy Statement

By submitting your application, you agree that Prolific may collect your personal data for recruiting and global organisation planning. Prolific’s Candidate Privacy Notice explains what personal information Prolific may process, where Prolific may process your personal information, its purposes for processing your personal information, and the rights you can exercise over Prolific use of your personal information.

Share this job:
Please let Prolific know you found this job on Remote First Jobs 🙏

4475 similar remote jobs

Explore latest remote opportunities and join a team that values work flexibility.

View all jobs
Version 1 logo

Vulnerability & Security Compliance Lead

Version 1

Month ago
Loft Orbital logo

Security & Compliance Team Lead

Loft Orbital

$140k-$190k 3 Months ago
Loft Orbital logo

Security & Compliance Team Lead

Loft Orbital

3 Months ago
Zantech logo

Security Specialist / Application Security Lead

Zantech

3 Weeks ago
Visa logo

Information Security Compliance Consultant

Visa

3 Days ago
Newton logo

Security Lead

Newton

4 Days ago

Remote companies like Prolific

Find your next opportunity with companies that specialize in Crowdsourcing, Participant Recruitment, Online Research, and Ai. Explore remote-first companies like Prolific that prioritize flexible work and home-office freedom.

All companies
Respondent Logo

Respondent

11-50 www.respondent.io

A participant recruiting platform for research methodologies, connecting researchers with verified participants globally.

View company profile →
Sama Logo

Sama

1001-5000 www.sama.com

Provides AI training data services including annotation, labeling, and model evaluation for Generative AI and Computer Vision projects.

8 open positions →
KoboToolbox Logo

KoboToolbox

11-50 www.kobotoolbox.org

An open-source platform for survey data collection, management, and visualization for social impact organizations.

View company profile →
FORM Logo

FORM

201-500 www.form.com

We offer mobile technology and AI solutions for frontline teams, improving execution, communication, and real-time intelligence.

2 open positions →
CREATEQ Logo

CREATEQ

201-500 www.createq.com

We build and manage dedicated software teams, focusing on AI-powered modernization, compliance, and security for high-stakes industries.

2 open positions →
PVM, Inc. Logo

PVM, Inc.

11-50 pvmit.com

Digital services for public sector teams, specializing in Palantir systems and data solutions.

1 open positions →

Project: Career Search

Rev. 2026.2

[ Remote Jobs ]
Direct Access

We source jobs directly from 21,000+ company career pages. No intermediaries.

Search Jobs Post a Job
01

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

02

Advanced Filters

Filter by category, benefits, seniority, and more.

03

Priority Job Alerts

Get timely alerts for new job openings every day.

04

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

21,000+ SOURCES UPDATED 24/7
Apply