The AI-powered OS for beauty, wellness and self-care

About the role

Reports to: VP of Security, IT and Compliance

We’re looking for someone to own compliance end‑to‑end at Fresha. We’re already HIPAA and ISO27001 certified, we’re heading into a PCI DSS audit shortly, and later this year we’ll have GDPR and SOC 2 Type II coming up. The role is based in our dog‑friendly office in London: The Bower, 207‑122, Old Street, London EC1V 9NR.

What you’ll own

Audits and certifications

• Run the PCI DSS audit to completion, then GDPR and SOC 2 Type II this year


• Serve as the main point of contact for external auditors—scoping, evidence, walkthroughs, findings


• Maintain HIPAA and ISO 27001 compliance between recertifications

Compliance operations

• Quarterly access reviews across in‑scope systems


• Manage Sprinto: ensure controls are covered, failu...