Security & Compliance Lead

Security & Compliance Lead

The Role

Security and compliance at Prolific aren't afterthoughts — they're foundational to how we operate. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, we take our responsibility to protect that trust seriously. We maintain certifications like ISO 27001 and SOC 2, and we're looking for someone to own and evolve our security and compliance posture as we grow.

As Security & Compliance Lead, you'll be the go-to authority on information security across the organisation. You'll own our compliance program, lead security operations, and work hands-on with engineering and platform teams to ensure security is embedded in how we build and operate — not bolted on after the fact. This means getting into the weeds of our cloud infrastructure, shaping how security fits into the SDLC, and driving a DevSecOps mindset across engineering.

You'll report to the Head of Engineering/Platform and work cross-functionally with legal, techops, engineering, platform, and data teams. As we scale, there's a clear path for this role to grow into managing a small security function.

This is a hands-on senior role. You won't just be writing policies — you'll be monitoring threats, responding to incidents, driving audits, reviewing cloud security posture, and shaping how Prolific approaches security as we scale across the world.

What you'll be doing

Security Operations & Cloud Security

• Monitor for security threats, vulnerabilities, and incidents across our infrastructure, applications, and tooling.

• Create, respond to, and investigate security alerts using SIEM tooling (e.g. Datadog), triaging and escalating as appropriate.

• Own and improve our endpoint security, vulnerability scanning (e.g. Snyk), and cloud security posture management across GCP and AWS.

• Design and implement security architectures across our cloud infrastructure, working hands-on with Kubernetes, Terraform/IaC, and cloud-native services.

• Lead incident response — minimising impact, ensuring rapid recovery, and coordinating post-incident analysis and reporting.

• Coordinate penetration testing and manage remediation of findings.

Compliance & Governance

• Take responsibility for all technical aspects of our compliance program ensuring we maintain ISO 27001, SOC 2, and Cyber Essentials certifications.

• Lead the preparation and coordination of external audits, ensuring documentation and evidence are always audit-ready.

• Create, manage, and maintain security and compliance frameworks, including policies, procedures, and guidelines.

• Partner with legal and our DPO on GDPR and data privacy requirements, ensuring our security practices support our data protection obligations.

• Align security strategy with business objectives, managing risks while enabling growth.

• Assist data teams with governance requirements.

DevSecOps & Engineering Partnership

• Be the authority on information security within the engineering organisation, ensuring security is embedded throughout the SDLC.

• Work cross-functionally with engineering and platform teams to integrate security into CI/CD pipelines, code review, and infrastructure-as-code workflows.

• Contribute to platform and infrastructure security architecture decisions, providing guidance on secure design patterns and cloud security best practices.

• Promote security awareness across the business, including secure development practices, cloud platform security, and general security hygiene.

Threat Intelligence

• Identify and assess emerging threats and vulnerabilities, recommending actionable mitigations to reduce risk exposure.

• Monitor and report on trends in the cyber threat landscape, providing insights to inform organisational security decisions.

• Share threat intelligence and mitigation strategies with relevant teams to enhance awareness and preparedness.

What you'll bring

• 5+ years of experience in security operations, cloud security, or a combined security and compliance role, with a track record of owning and delivering security outcomes independently.

• Strong hands-on experience with cloud security in GCP and/or AWS, including working with Kubernetes, Terraform/IaC, and cloud-native security tooling.

• Deep understanding of compliance frameworks such as ISO 27001 and SOC 2, with experience owning or significantly contributing to audit preparation and certification maintenance.

• Experience with security tooling across SIEM, vulnerability scanning, endpoint security, and cloud security posture management.

• A solid understanding of DevSecOps principles and experience embedding security into the software development lifecycle.

• Working knowledge of GDPR and data privacy requirements, and experience partnering with legal or DPO functions.

• Strong communication skills — you can translate security risks into business language, influence engineering teams, and write documentation that's clear and actionable.

• The ability to work independently, manage competing priorities, and exercise good judgement about where to focus your time.

• A proactive mindset — you spot risks early, propose solutions, and take ownership without being asked.

Even better if you have

• Experience coordinating penetration testing programmes and managing remediation.

• Familiarity with infrastructure-as-code security scanning and policy-as-code approaches.

• Experience with incident response programme design or tabletop exercises.

• Exposure to customer security questionnaires, vendor due diligence, or third-party risk assessments.

• Experience working in a scaling company where you've helped build security processes and culture from the ground up.

• A relevant security certification such as CISSP, CISM, or cloud-specific security certifications (e.g. GCP Professional Cloud Security Engineer).

• Experience mentoring or growing into a people management role.
Why Prolific is a great place to work

We've built a unique platform that connects researchers and companies with a global pool of participants, enabling the collection of high-quality, ethically sourced human behavioral data and feedback. This data is the cornerstone of developing more accurate, nuanced, and aligned AI systems.

We believe that the next leap in AI capabilities won't come solely from scaling existing models, but from integrating diverse human perspectives and behaviors into AI development. By providing this crucial human data infrastructure, Prolific is positioning itself at the forefront of the next wave of AI innovation – one that reflects the breath and the best of humanity.

Working for us will place you at the forefront of AI innovation, providing access to our unique human data platform and opportunities for groundbreaking research. Join us to enjoy a competitive salary, benefits, and remote working within our impactful, mission-driven culture.

Links to more information on Prolific

Benefits

External Handbook

Website

Youtube

Privacy Statement

By submitting your application, you agree that Prolific may collect your personal data for recruiting and global organisation planning. Prolific's Candidate Privacy Notice explains what personal information Prolific may process, where Prolific may process your personal information, its purposes for processing your personal information, and the rights you can exercise over Prolific use of your personal information.