Nscale
Staff engineer, Security Assurance & Audit

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
About Nscale
Nscale is the GPU cloud engineered for AI. We provide cost-effective, high-performance infrastructure for AI start-ups and large enterprise customers. Nscale enables AI-focused companies to achieve superior results by reducing the complexity of AI development. Our GPU cloud bolsters technical capabilities and directly supports strategic business outcomes, including cost management, rapid innovation, and environmental responsibility.
We thrive on a culture of relentless innovation, ownership, and accountability, where every team member takes pride in their work and drives it with excellence and urgency. As an Nscaler, you’ll build trust through openness and transparency, where everyone is inspired to do their best work. If you join our team, you’ll be contributing to building the technology that powers the future.
About The Role
Nscale is hiring a Staff Engineer, Security Assurance & Audit to lead a high-rigor, audit-ready assurance function across Nscale's global AI infrastructure.
This is a hands-on senior individual contributor role with significant scope. You will own the operating model that allows Nscale to meet customer commitments, expand certification scope, maintain audit readiness, and produce defensible evidence for external auditors and enterprise customers.
As Nscale scales global AI infrastructure, we need a technical assurance leader who can turn customer commitments, certification requirements, and control obligations into durable programs, clear ownership, strong evidence, and repeatable execution.
This role sits at the intersection of security, audit, compliance, infrastructure, physical security, engineering, customer trust, and legal. You will partner directly with control owners across the company to ensure controls are scoped, implemented, evidenced, tested, and defensible.
What You'll be Doing
Assurance Program Leadership
- Own security assurance execution across SOC 2 Type II, the ISO family of standards, and other applicable frameworks.
- Lead certification and audit-readiness planning for new sites, systems, services, and customer commitments.
- Build and maintain an integrated audit calendar across certification bodies, readiness assessments, customer deadlines, surveillance audits, and scope expansions.
- Drive cross-functional readiness for audit fieldwork, evidence submission, auditor walkthroughs, and control-owner interviews.
Scope Expansion and Site Readiness
- Lead assurance planning for new launches and site-scope expansions.
- Translate site launch commitments into control requirements, evidence requirements, readiness trackers, and audit-response packs.
- Partner with Physical & Data Center Security, Enterprise Security, Infrastructure, Legal, and Customer Trust to define boundaries, control ownership, and evidence expectations.
- Support customer-specific readiness efforts.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Control Framework and Evidence Quality
- Partner with compliance engineering and control-mapping owners to maintain a unified control framework across SOC 2, ISO, NIST, and customer-specific obligations.
- Define evidence standards for control design, operating effectiveness, sampling, retention, traceability, and audit defensibility.
- Review evidence for sufficiency, accuracy, timeliness, and relevance before submission to auditors or customers.
- Identify evidence gaps, control weaknesses, and repeat failure patterns.
- Ensure audit findings are routed into remediation workflows with accountable owners and due dates.
External Audit and Customer Audit Support
- Manage external auditor engagement, including request lists, evidence submissions, control narratives, walkthrough preparation, and issue follow-up.
- Serve as a primary assurance representative during external audits and customer security reviews.
- Translate technical controls into clear, defensible audit narratives.
- Partner with Customer Trust to prepare audit-backed responses to customer security reviews and enterprise customer assurance requests.
Automation and Continuous Readiness
- Partner with GRC Engineering to automate evidence collection, control monitoring, and audit-readiness reporting.
- Support the implementation and operationalization of a modern GRC platform, including evidence integrations and automated workflows.
- Help define continuous control monitoring requirements and control health indicators.
- Use automation and AI-assisted workflows where they improve evidence quality, audit preparation, control validation, or remediation tracking.
- Reduce manual audit preparation by building repeatable workflows, templates, and source-of-truth systems.
KPIs
- Audit-readiness status across in-scope certifications and sites
- Evidence completeness, quality, and traceability
- On-time completion of audit requests and readiness milestones
- Control ownership and evidence maintenance coverage across in-scope frameworks
- Closure rates for evidence gaps and audit findings
- Certification / audit milestone attainment
- Time required to prepare site-specific audit-response packs
- Control-mapping coverage across required frameworks and customer commitments
About You
Required
- 5+ years of experience in security assurance, security compliance, GRC, external audit, technical program management, or related security functions.
- Hands-on experience with SOC 2 Type II and ISO 27001.
- Experience managing external audits, certification engagements, readiness assessments, or audit-response programs.
- Strong understanding of control design, operating effectiveness, audit evidence, evidence sampling, and audit defensibility.
- Ability to work directly with engineering, infrastructure, security, physical security, IT, HR, legal, and operations teams.
- Experience translating framework requirements into control-owner actions and evidence requirements.
- Strong program-management skills, including operating cadences, timelines, dependencies, executive reporting, and escalation.
- Excellent written communication skills for audit narratives, scope statements, control explanations, and executive updates.
- Comfort operating in ambiguous, fast-growth environments with high customer expectations.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Strong Preferences
- Experience with HITRUST, NIST 800-53, Cyber Essentials Plus, or UK government security frameworks (such as the NCSC Cyber Assessment Framework).
- Experience supporting data center, cloud infrastructure, bare-metal, sovereign cloud, AI infrastructure, or critical infrastructure environments.
- Hands-on experience with modern GRC platforms such as Drata, Vanta, ServiceNow GRC, OneTrust, Hyperproof, or similar.
- Experience building audit-readiness programs that use automation, continuous control monitoring, or evidence integrations.
- Experience working with physical and environmental controls, facility security, or data center operations.
- Experience working across multiple geographies and certification scopes.
Nice to Have
- Relevant certifications such as CISSP, CISM, ISO 27001 Lead Auditor, ISO 42001 Lead Implementer, CISA, or equivalent.
- Prior experience as an external auditor, certification-body assessor, or audit consultant.
- Experience scaling security assurance programs in high-growth startups or infrastructure companies.
What We Can Offer You
You’ll have the opportunity to help shape the operating standards behind a next-generation AI cloud platform, working on complex infrastructure challenges with real ownership and impact. This is a chance to play a meaningful role in scaling high-performance, sustainable data centre operations in a fast-moving environment.
Equal Opportunities Statement
We strongly encourage applications from people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from lower socio-economic backgrounds.
If there’s anything we can do to accommodate your specific situation, please let us know.
The responsibilities outlined in this job description are not exhaustive and are intended to provide a general overview of the position. The employee may be required to perform additional duties, tasks, and responsibilities as assigned by management, consistent with the skills and qualifications required for the role.
For information on how Nscale handles candidate personal data, please see our Employee & Candidate Privacy Notice: Here
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location