Technical Head of Compliance

Fresha
London

The AI-powered OS for beauty, wellness and self-care


About Fresha

Fresha is the AI-powered operating system for the global beauty, wellness and self-care industry, connecting and powering everything from salons and barbers to spas, medspas, fitness studios and health practices.

Trusted by millions of consumers and businesses worldwide. Fresha is used by 140,000+ businesses and 450,000+ stylists and professionals worldwide, processing over 1 billion appointments to date.

The company is headquartered in London, United Kingdom, with 15 global offices located across North America, EMEA and APAC.

Fresha allows consumers to discover, book and pay for beauty and wellness appointments with local businesses via its marketplace, while beauty and wellness businesses and professionals use an all-in-one platform to manage their entire operations with an intuitive business software and financial technology solutions.

Fresha’s ecosystem gives merchants everything they need to run their business seamlessly by facilitating appointment bookings, point-of-sale, customer records management, marketing automation, loyalty, beauty products inventory and team management.

The consumer marketplace unlocks revenue potential for partner businesses by leveraging the power of online bookings and automated marketing through mobile apps and advanced integrations with major tech brands including Instagram, Facebook and Google.

About the role

Reports to: VP of Security, IT and Compliance

We're looking for someone to own compliance end-to-end at Fresha. We're already HIPAA and ISO27001 certified, we're heading into a PCI DSS audit shortly, and later this year we've got GDPR and SOC 2 Type II coming up. That's a lot of parallel work, and we need someone who can run it without constant hand-holding.

Today one person covers the day-to-day compliance operations. You'll take over that function, grow it, and broaden its scope into data protection, vendor risk, and policy. You won't be starting from scratch — there's a working Sprinto setup, an access review cadence, and a vulnerability management process — but you'll be expected to take it to the next level.

We expect the person in this role to run a modern, automated compliance function. The volume of work across five frameworks does not scale with headcount alone — it scales with good tooling, good automation, and sensible use of AI.

To foster a collaborative environment that thrives on face-to-face interactions and teamwork, this role will be based in our dog-friendly office 5 days per week in London: The Bower, 207-122, Old Street, London EC1V 9NR.

What you'll own

Audits and certifications

  • Run the PCI DSS audit to completion, then GDPR and SOC 2 Type II this year

  • Be the main point of contact for external auditors — scoping, evidence, walkthroughs, findings

  • Keep HIPAA and ISO 27001 in good shape between recertifications

Compliance operations

  • Quarterly access reviews across in-scope systems

  • Sprinto: make sure controls are covered, failures are triaged quickly, and evidence is current

  • Vulnerability management: track closure against agreed SLAs and chase what's drifting

  • Own the compliance risk register — keep it current, get it reviewed on a regular cadence, and make sure it actually informs decisions rather than just sitting there for auditors

Data protection

  • Handle Subject Access Requests and Data Access Requests end-to-end

  • Keep the GDPR ROPA accurate as systems, vendors, and data flows change

  • Own and enforce data retention — not just on paper, but actually in the systems

Vendor and third-party risk

  • Review new vendors before they're onboarded — security posture, data handling, DPAs

  • Reassess critical and high-risk vendors on a regular cycle

  • Keep the vendor inventory, DPAs, and sub-processor lists tidy and audit-ready

Policy and awareness

  • Write new policies and update existing ones as our environment, regulations, and business change

  • Make sure policies are usable, understood, and actually followed — not shelfware

  • Own the compliance and privacy training programme: annual training, role-specific training for engineers handling PHI or cardholder data, and whatever else our frameworks demand

Automation and AI

  • Look at every recurring task in this role and ask "why is a human still doing this?" —evidence collection, control testing, access review workflows, vendor questionnaire triage, SAR data discovery, policy drafting, ROPA upkeep

  • Push Sprinto and our adjacent tooling as far as they'll go, and fill the gaps with scripts, workflows, or AI where it makes sense

  • Use LLMs sensibly for drafting, review, and first-pass analysis — but know where a human still has to sign off, especially anything that goes to a regulator or an auditor

  • Treat the function's operating model as a product: fewer manual rituals each quarter, not more

What we're looking for

  • You've led compliance through at least a couple of these frameworks (PCI DSS, SOC 2, ISO27001, HIPAA, GDPR). You don't need all of them, but PCI DSS and GDPR experience would be very valuable right now

  • You've dealt directly with auditors and you're comfortable pushing back when scoping or findings are off

  • You're hands-on. This is not a role where you delegate everything and review slides — you'll be in Sprinto, in tickets, in policy drafts, and in vendor reviews

  • You're fluent with AI tools and comfortable building automation — whether that's Sprinto workflows, scripting against APIs, using LLMs to cut down manual work, or knowing when to bring in an engineer to build something properly. You don't need to be a developer, but "I'll wait for someone to build it for me" isn't the right mindset

  • You can translate between engineers and auditors without frustrating either side

  • Bonus: experience with GRC tooling beyond Sprinto, DPO or DPO-adjacent work, payments regulatory exposure, or a track record of measurably reducing manual compliance work through automation

How you'll work

You'll have one direct report from day one, and the remainder to grow the function as the workload justifies. You'll work closely with Security, IT, Legal, Engineering and People.

Expect to spend real time with auditors during audit windows and real time with engineering and vendor teams the rest of the year.

Interview Process

  • Screen Stage - Video-call with a member from the Talent Team (45-60min)

  • 1st Stage - Interview with the VP of Security, IT & Compliance (60min)

  • Final Stage - Video interview with CTO (60min) and Head of Talent (30min)

We aim to finalise the entire interview process and deliver feedback within 4 weeks.

Every job application received is reviewed manually by our talent team. While we strive to assess applications within 7 days, the sheer volume of talented individuals expressing interest may occasionally extend this timeframe.

Inclusive workforce

At Fresha, we are creating a culture where individuals of all backgrounds feel comfortable.

We want all Fresha people to feel included and truly empowered to contribute fully to our vision and goals. Everyone who applies will receive fair consideration for employment.

We do not discriminate based on race, colour, religion, sex, sexual orientation, age, marital status, gender identity, national origin, disability, or any other applicable legally protected characteristics in the location in which the candidate is applying.

If you have any accessibility requirements that would make you more comfortable during the interview process and/or once you join, please let us know so that we can support you.

Posted 2026-07-01

Recommended Jobs

Director, Consumer PR

Authentic Brands Group
London

Who We Are Authentic Brands Group (Authentic) is a leading sports, media, entertainment and lifestyle platform. As the owner of some of the most iconic and beloved intellectual property in the wor…

View Details
Posted 2026-06-21

SEN Teaching Assistant | Dagenham

Marchant Recruitment
Dagenham, Greater London

A friendly primary school in Dagenham is recruiting a SEN Teaching Assistant for January 2026. This SEN Teaching Assistant role offers the chance to make a meaningful difference within a supportive e…

View Details
Posted 2026-01-10

English Teacher - Literacy Focus - Barking & Dagenham

Marchant Recruitment
Barking, Greater London

English Teacher – Drive Whole-School Literacy and Rigorous English Language Skills – Barking & Dagenham A supportive , community-oriented secondary school in Barking & Dagenham is seeking a …

View Details
Posted 2025-10-25

Senior Account Executive

Faire
London

About Faire Faire is a technology wholesale platform built on the belief that the future is local. Independent retailers around the globe collectively represent a multi-hundred-billion-dollar whol…

View Details
Posted 2026-06-27

Marketing Coordinator

Minut Home Limited
London

The role This is an opportunity to intern at a fast-growing company that’s influencing the future of travel. We're building a noise and automation platform used by thousands of Airbnb hosts and …

View Details
Posted 2026-06-24

Transformation Data Assistant LBS-006

Southwark Council
Southwark, Greater London

Job Category : Admin & Clerical Location : Southwark Council Hours Per Week : 36.00 Start Date : Immediate Start Start Time : 09:00 End Time : 17:00 Salary: £14.93 The post is experi…

View Details
Posted 2026-05-30

Year 3 Teacher - Wandsworth

Marchant Recruitment
London

An engaging primary school in Wandsworth is seeking a dedicated Year 3 Teacher to begin in January 2026. The Year 3 Teacher will plan purposeful sequences of learning that develop pupils’ knowledge, …

View Details
Posted 2025-11-22

Analytics Manager- Card Fraud

Capital on Tap
London

We’re Capital on Tap Capital on Tap started because small businesses were underserved. Big banks were slow, their products weren't fit for purpose, and small business owners often couldn't access …

View Details
Posted 2026-06-27

Sr. Technical Trainer

LogicMonitor
London

About Us: We love going to work and think you should too. Our team is dedicated to trust, customer obsession, agility, and striving to be better everyday. These values serve as the foundation of …

View Details
Posted 2026-06-21

Senior Data Modelling Consultant

Capco
London

Senior  Data Modelling Consultant Location: London (Hybrid) | Practice Area : Data & Analytics | Type: Permanent Transform data structure. Model business value. Build data-driven futures.…

View Details
Posted 2026-06-27