Mark43

Senior Specialist - Governance, Risk and Compliance

Posted 2 Hours Ago
Remote
Hiring Remotely in United Kingdom
Senior level
The Senior Specialist will enhance the global compliance programme, maintain ISO 27001 certification, drive HIPAA compliance, and evaluate risks in partnership with various teams.
The summary above was generated by AI

Mark43 is approved to hire in Canada, the UK, and 36 U.S. states, including Alabama, Arizona, California (excluding San Francisco), Colorado, Connecticut, Washington D.C., Florida, Georgia, Iowa, Idaho, Illinois, Indiana, Kansas, Massachusetts, Maryland, Maine, Michigan, Minnesota, Missouri, North Carolina, Nebraska, New Hampshire, New Jersey, New Mexico, New York, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Utah, Virginia, Vermont, Washington, Wisconsin, and West Virginia. Before applying to a remote role, please ensure that you are able to perform the position in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift. 
Applicants must be authorized to work for any employer in the country in which the role is being hired. We are unable to sponsor or take over sponsorship of an employment visa at this time.

Mark43’s mission is to empower communities and their governments with new technologies that improve the safety and quality of life for all. We build powerful, scalable, and elegant software that sets a new standard for the tools upon which our first responders rely. Our users operate in high stakes environments, and we are committed to building secure, resilient systems they can trust. We are equally committed to embracing diversity of thought and experience within our team.

We are looking for a Senior Specialist, Governance, Risk & Compliance to join our team, reporting to our Senior Director of GRC. This UK based role will play a critical part in strengthening and scaling our global compliance programme. You will help maintain ISO 27001 certification, drive HIPAA compliance initiatives, and support the expansion into additional ISO frameworks.

This role requires a deep understanding of governance, risk, and compliance practices within SaaS environments. The ideal candidate is both strategic and hands on, capable of designing and improving robust GRC processes while partnering closely with cross functional stakeholders across the UK and US.

What you can expect to work on 

  • Develop, implement, and continuously improve security policies, procedures, and standards to ensure compliance with ISO 27001, HIPAA, GDPR, and other applicable frameworks.
  • Maintain and enhance our ISO 27001 certification, including control oversight, evidence collection, internal audits, and external audit support.
  • Lead HIPAA readiness and compliance initiatives, translating regulatory requirements into practical, scalable controls.
  • Support the evaluation and adoption of additional ISO frameworks as the business grows internationally.
  • Conduct risk assessments, identify potential risks, and develop mitigation strategies in partnership with Engineering, Product, IT, and Legal teams.
  • Manage control maturity initiatives and drive continuous process improvement across GRC activities.
  • Respond to security questionnaires, customer due diligence requests, and third party audits with clarity and efficiency.
  • Evaluate systems and cloud hosted environments for compliance with published standards, including architecture, monitoring, logging, and security configuration requirements.
  • Manage exceptions and track remediation activities related to security controls.
  • Deliver training and awareness initiatives that strengthen understanding of security and compliance responsibilities across the organisation.
  • Serve as a subject matter expert in Information Security, communicating effectively with both technical and non technical audiences.
  • Handle the detailed documentation, follow ups, and coordination that keep a global compliance programme running effectively.

What we expect from you 

  • Five to eight years of experience in a GRC role within a SaaS or technology environment operating in regulated industries.
  • Demonstrated hands on experience maintaining ISO 27001 certification, including ownership of control operation, internal audit coordination, corrective actions, and external audit support.
  • Direct experience supporting or leading HIPAA compliance initiatives, including translating regulatory requirements into operational controls and partnering with technical teams to implement safeguards.
  • Strong working knowledge of operating within an ISO aligned Information Security Management System, including risk registers, Statements of Applicability, control testing, continuous monitoring, and management review processes.
  • Deep understanding of risk management principles and practical experience conducting formal risk assessments.
  • Experience working cross functionally with Engineering, IT, Security, Legal, and Operations teams to operationalise controls without creating unnecessary friction.
  • Ability to independently facilitate audits, risk assessments, and compliance initiatives, managing timelines, stakeholders, and follow ups with minimal oversight.
  • Strong communication skills, with the ability to translate complex regulatory and audit requirements into clear, actionable guidance for both technical and non technical audiences.
  • Relevant certifications such as ISO 27001 Lead Auditor, CISA, CISM, CRISC, or similar are a plus.

People who thrive on our team also tend to share the following characteristics:  

  • Humble, open, and curious.  
  • Attentive, active listeners. You are interested in what others have to say and illustrate your interest with your actions.  
  • Resilience. You do not shy away from challenging work, and you proactively help your team solve problems.  
  • Enthusiastic collaborators. You understand that the best outcomes are achieved through shared ownership and seek to spread knowledge and expand participation rather than restrict it.  
  • Comfortable with uncertainty. You know that sometimes problems and situations can’t be simplified or fully understood and are at ease working within this type of haziness.  
  • Passionate about personal growth. You view mistakes as opportunities for learning, and want to grow as a designer, colleague, and person.  
  • Eager to help others. You look for ways to provide support for more junior members of the team and develop cooperative working relationships.  

Our Privacy Notice describes how Mark43 uses and protects the personal information of prospective employees during the recruitment process. It informs you about our handling of the personal information you provide to us when you apply for a position in our organization and in general when you express your interest in joining our team.
As a part of Mark43's security measures, all employees must: engage in appropriate use of the company's electronic information resources; become knowledgeable about and follow relevant security policies and guidelines; protect the resources under their control, such as passwords, computers, and data that they create, receive, or download; and promptly report security-related incidents and violations, and respond to official reports of security incidents involving their systems or accounts.
Mark43 is committed to the full inclusion of all qualified individuals. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. As part of this commitment, we will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed, please email [email protected] requesting the accommodation.
 

Top Skills

GDPR
HIPAA
Information Security Management System
ISO 27001
