Rodeo

Fresha

Technical Head of Compliance

London
Posted 2 days ago


Senior Compliance Manager

Reports to: VP of Security, IT and Compliance

We're looking for an experienced Compliance Manager to drive our compliance program end-to-end at Fresha.


About Fresha

Fresha is the AI-powered operating system for the global beauty, wellness, and self-care industry, connecting and enabling businesses across salons, barbers, spas, medspas, fitness studios, and health practices.

We serve 140,000+ businesses and 450,000+ professionals, processing 1B+ appointments annually. Fresha enables consumers to discover, book, and pay for local services through our marketplace, while professionals manage their appointments, finances, marketing, and operations via an intuitive platform.

Fresha’s ecosystem integrates appointment booking, POS systems, customer management, automation, loyalty programs, inventory, and team tools. The consumer-facing marketplace expands revenue through online bookings, targeted marketing (including Instagram, Facebook, and Google integrations), and data-driven insights.

Our headquarters are in London, with offices across North America, EMEA, and APAC.


About the Role

This hands-on role requires ownership of a rapidly scaling compliance program across five critical frameworks:

  • HIPAA (ongoing maintenance)
  • ISO 27001 (ongoing maintenance)
  • PCI DSS (imminent audit)
  • GDPR (launching this year)
  • SOC 2 Type II (launching this year)

You’ll join a mature but rapidly evolving compliance function with existing processes in place (Sprinto, access reviews, vulnerability management), but the expectation is to expand capabilities, automate workflows, and truly scale efficiency.

For three days a week, you’ll work remotely, with the remainder spent in our dog-friendly London office (The Bower, 207-122 Old Street, EC1V 9NR).


What You’ll Own

Audits & Certifications

  • Lead the PCI DSS audit from scoping to completion.
  • Prepare for the GDPR programme launch and the SOC 2 Type II attestation.
  • Serve as the primary contact for external auditors (evidence collation, walkthroughs, findings remediation).
  • Maintain HIPAA compliance and ISO 27001 certification between recertification audits.


Compliance Operations

  • Conduct quarterly access reviews (users, systems, and permissions).
  • Optimize Sprinto workflows for full control coverage, rapid failure resolution, and current evidence.
  • Track vulnerability management (closure rates, SLA adherence, drift remediation).
  • Lead the compliance risk register (prioritize risks, integrate into business decisions).

Data Protection

  • Handle Subject Access Requests (SARs) and Data Access Requests end-to-end.
  • Maintain up-to-date GDPR Record of Processing Activities (ROPA) as systems and vendors evolve.
  • Enforce data retention policies (both the written policy and actual system-level adherence).

Vendor & Third-Party Risk

  • Evaluate new vendors for security/hygiene, data handling, and compliance obligations.
  • Conduct regular reassessments of critical/high-risk vendors.
  • Maintain the vendor inventory, Data Processing Agreements (DPAs), and sub-processor lists.

Policy & Awareness

  • Draft new policies and updates as regulations/business change.
  • Ensure policies are actionable, understood, and followed in practice (not merely ceremonial).
  • Lead the compliance training program (annual + role-specific training for engineers handling PHI/PII).

Automation & AI

  • Question why manual processes remain (e.g., evidence collection, access reviews, vendor assessments).
  • Maximize Sprinto + adjacent tooling, while adopting scripts, automation, and/or AI expansion (e.g., SAR scoping, vendor questionnaire triage).
  • Use LLMs for drafting and analysis—but respect manual sign-off requirements before external/stakeholder engagement.
  • Optimize the compliance function’s operating model for long-term efficiency.

What We’re Looking For

Requirements

✔ Direct experience leading compliance functions across at least two frameworks (e.g., PCI DSS, SOC 2, GDPR, ISO 27001, HIPAA). Right now, PCI DSS and GDPR experience are especially valuable.
✔ Demonstrated ability to push back diplomatically during audits (evidence requests, reconsideration of scope).
✔ A hands-on, build-it-myself mentality; this is not a "write the recipe and delegate" role.
✔ AI and automation fluency: scripting familiarity (Python/Bash) or close collaboration with developers. The mindset is, "Let's build tools, not just use them."
✔ Comfort translating between engineering culture and regulatory standards without alienating either side.
✔ Bonus: exposure to GRC tooling beyond Sprinto, DPO or DPO-adjacent experience, payments regulatory frameworks, or a track record of measurable automation impact.


How You’ll Work

  • One direct report from day one, with the mandate to expand the function as needed.
  • Collaborate with Security, IT, Legal, Engineering, and HR.
  • Audit periods demand deep engagement (evidence collation, auditor fieldwork). Day-to-day work involves the teams responsible for vulnerability fix pipelines, user access maintenance, and new initiatives that must respect compliance requirements.

Interview Process

Stage 1: Video with Talent Team (45–60 mins)
Stage 2: Vice President of Security, IT & Compliance (60 mins)
Stage 3: Final-stage video (90 mins: CTO & Head of Talent)

Feedback/closing: Aim to deliver feedback within 4 weeks.


Diversity & Inclusion

We build a culture for all backgrounds. Fresha reviews every application for fairness and accommodates interview, office, and accessibility needs; let us know how we can support you.

No discrimination based on: race, colour, religion, sex, sexual orientation, age, marital status, gender identity, national origin, disability, or any applicable legally protected characteristic.


Skills

Compliance
Data Protection
Vendor Risk
Policy Writing
Automation
AI Tools
HIPAA
ISO27001
PCI DSS
GDPR
SOC 2
Auditing
Risk Management
Access Reviews
Vulnerability Management
Training

Location

London, England, United Kingdom
