Rodeo
ResourcesPartnersSign in

Nscale

Staff engineer, Security Assurance & Audit

London
Posted about 13 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

About Nscale

Nscale is the GPU cloud engineered for AI. We provide cost-effective, high-performance infrastructure for AI start-ups and large enterprise customers. Nscale enables AI-focused companies to achieve superior results by reducing the complexity of AI development. Our GPU cloud bolsters technical capabilities and directly supports strategic business outcomes, including cost management, rapid innovation, and environmental responsibility.

We thrive on a culture of relentless innovation, ownership, and accountability, where every team member takes pride in their work and drives it with excellence and urgency. As an Nscaler, you’ll build trust through openness and transparency, where everyone is inspired to do their best work. If you join our team, you’ll be contributing to building the technology that powers the future.

About The Role

Nscale is hiring a Staff Engineer, Security Assurance & Audit to lead a high-rigor, audit-ready assurance function across Nscale's global AI infrastructure.

This is a hands-on senior individual contributor role with significant scope. You will own the operating model that allows Nscale to meet customer commitments, expand certification scope, maintain audit readiness, and produce defensible evidence for external auditors and enterprise customers.

As Nscale scales global AI infrastructure, we need a technical assurance leader who can turn customer commitments, certification requirements, and control obligations into durable programs, clear ownership, strong evidence, and repeatable execution.

This role sits at the intersection of security, audit, compliance, infrastructure, physical security, engineering, customer trust, and legal. You will partner directly with control owners across the company to ensure controls are scoped, implemented, evidenced, tested, and defensible.

What You'll be Doing

Assurance Program Leadership

  • Own security assurance execution across SOC 2 Type II, the ISO family of standards, and other applicable frameworks.
  • Lead certification and audit-readiness planning for new sites, systems, services, and customer commitments.
  • Build and maintain an integrated audit calendar across certification bodies, readiness assessments, customer deadlines, surveillance audits, and scope expansions.
  • Drive cross-functional readiness for audit fieldwork, evidence submission, auditor walkthroughs, and control-owner interviews.

Scope Expansion and Site Readiness

  • Lead assurance planning for new launches and site-scope expansions.
  • Translate site launch commitments into control requirements, evidence requirements, readiness trackers, and audit-response packs.
  • Partner with Physical & Data Center Security, Enterprise Security, Infrastructure, Legal, and Customer Trust to define boundaries, control ownership, and evidence expectations.
  • Support customer-specific readiness efforts.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Control Framework and Evidence Quality

  • Partner with compliance engineering and control-mapping owners to maintain a unified control framework across SOC 2, ISO, NIST, and customer-specific obligations.
  • Define evidence standards for control design, operating effectiveness, sampling, retention, traceability, and audit defensibility.
  • Review evidence for sufficiency, accuracy, timeliness, and relevance before submission to auditors or customers.
  • Identify evidence gaps, control weaknesses, and repeat failure patterns.
  • Ensure audit findings are routed into remediation workflows with accountable owners and due dates.

External Audit and Customer Audit Support

  • Manage external auditor engagement, including request lists, evidence submissions, control narratives, walkthrough preparation, and issue follow-up.
  • Serve as a primary assurance representative during external audits and customer security reviews.
  • Translate technical controls into clear, defensible audit narratives.
  • Partner with Customer Trust to prepare audit-backed responses to customer security reviews and enterprise customer assurance requests.

Automation and Continuous Readiness

  • Partner with GRC Engineering to automate evidence collection, control monitoring, and audit-readiness reporting.
  • Support the implementation and operationalization of a modern GRC platform, including evidence integrations and automated workflows.
  • Help define continuous control monitoring requirements and control health indicators.
  • Use automation and AI-assisted workflows where they improve evidence quality, audit preparation, control validation, or remediation tracking.
  • Reduce manual audit preparation by building repeatable workflows, templates, and source-of-truth systems.

KPIs

  • Audit-readiness status across in-scope certifications and sites
  • Evidence completeness, quality, and traceability
  • On-time completion of audit requests and readiness milestones
  • Control ownership and evidence maintenance coverage across in-scope frameworks
  • Closure rates for evidence gaps and audit findings
  • Certification / audit milestone attainment
  • Time required to prepare site-specific audit-response packs
  • Control-mapping coverage across required frameworks and customer commitments

About You

Required

  • 5+ years of experience in security assurance, security compliance, GRC, external audit, technical program management, or related security functions.
  • Hands-on experience with SOC 2 Type II and ISO 27001.
  • Experience managing external audits, certification engagements, readiness assessments, or audit-response programs.
  • Strong understanding of control design, operating effectiveness, audit evidence, evidence sampling, and audit defensibility.
  • Ability to work directly with engineering, infrastructure, security, physical security, IT, HR, legal, and operations teams.
  • Experience translating framework requirements into control-owner actions and evidence requirements.
  • Strong program-management skills, including operating cadences, timelines, dependencies, executive reporting, and escalation.
  • Excellent written communication skills for audit narratives, scope statements, control explanations, and executive updates.
  • Comfort operating in ambiguous, fast-growth environments with high customer expectations.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Strong Preferences

  • Experience with HITRUST, NIST 800-53, Cyber Essentials Plus, or UK government security frameworks (such as the NCSC Cyber Assessment Framework).
  • Experience supporting data center, cloud infrastructure, bare-metal, sovereign cloud, AI infrastructure, or critical infrastructure environments.
  • Hands-on experience with modern GRC platforms such as Drata, Vanta, ServiceNow GRC, OneTrust, Hyperproof, or similar.
  • Experience building audit-readiness programs that use automation, continuous control monitoring, or evidence integrations.
  • Experience working with physical and environmental controls, facility security, or data center operations.
  • Experience working across multiple geographies and certification scopes.

Nice to Have

  • Relevant certifications such as CISSP, CISM, ISO 27001 Lead Auditor, ISO 42001 Lead Implementer, CISA, or equivalent.
  • Prior experience as an external auditor, certification-body assessor, or audit consultant.
  • Experience scaling security assurance programs in high-growth startups or infrastructure companies.

What We Can Offer You

You’ll have the opportunity to help shape the operating standards behind a next-generation AI cloud platform, working on complex infrastructure challenges with real ownership and impact. This is a chance to play a meaningful role in scaling high-performance, sustainable data centre operations in a fast-moving environment.

Equal Opportunities Statement

We strongly encourage applications from people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from lower socio-economic backgrounds.

If there’s anything we can do to accommodate your specific situation, please let us know.

The responsibilities outlined in this job description are not exhaustive and are intended to provide a general overview of the position. The employee may be required to perform additional duties, tasks, and responsibilities as assigned by management, consistent with the skills and qualifications required for the role.

For information on how Nscale handles candidate personal data, please see our Employee & Candidate Privacy Notice: Here

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Security Assurance
SOC 2 Type II
ISO 27001
GRC
External Audit Management
Control Design
Technical Program Management
Compliance Engineering
Evidence Collection
Risk Management
Audit Readiness
Infrastructure Security
Physical Security
Stakeholder Management
Control Mapping
Regulatory Compliance

Location

London, England, United Kingdom

Sign up to applySee more jobs like this