Compliance Manager

3 billion people across the world work in frontline jobs. Yet, despite rising costs and staff shortages, frontline organisations are still left to choose between paper, Excel, and WhatsApp, or decade-old workforce management solutions to take care of the most important part of their businesses - their people.

Enter Sona: the next generation of AI-native, frontline workforce management. We’ve built an end-to-end platform covering Scheduling, HR, Payroll, and Communications that gives the largest frontline organisations everything they need to staff more intelligently and empower their teams.

In 4 years, we’ve already made a deep impact on the lives of over 100k frontline workers and the operation of their organisations, grown the team to 120+, and secured over $50M in funding from notable VC’s, including Felicis, Northzone, Gradient Ventures (Google), SpeedInvest, Antler, and Notion Capital, plus notable angels like Tom Blomfield (Monzo).

It’s a hugely exciting time to be joining the team as we’re still small enough that you’ll have a significant impact on the company’s growth trajectory and culture, yet large enough to have a great structure, experienced leaders and world-class benefits in place. More on working at Sona here.

About the Role

As we scale across the UK and US, we’re looking for a hands-on Compliance Manager with a strong information security background to own and evolve our security and compliance foundations.

This role is InfoSec-led, with ISO 27001 as an immediate priority and SOC 2 likely in the medium term. You’ll work closely with Product, Engineering, Legal and Leadership to translate compliance requirements into practical, working systems that support growth rather than slow it down.

As this is our first full-time compliance hire, it is a fantastic opportunity to fully own and craft a robust, scaleable compliance programme in a fast-growing software business. If this idea sounds exciting - we want to hear from you!

This role will sit in our Legal & Compliance function, reporting into our General Counsel. We are happy to consider candidates based anywhere in the UK, if you are happy with some occasional travel to our London office (Soho).

Responsibilities 

• Own and lead information security across the business, including policies, controls and risk management

• Lead external certifications and audits (e.g. ISO 27001, GDPR, SOC 2, Cyber Essentials)

• Work cross-functionally to advise teams on risk and data security, supporting them with use of new tools and AI adoption

• Translate security and compliance requirements into concrete systems, tools and processes

• Own or lead implementation of technical controls (e.g. access management, logging, monitoring, incident response, device management)

• Act as the point of contact for RFPs, customer security reviews, questionnaires and audits

• Support and develop AML compliance, extending depth over time where needed

Requirements

• 5+ years’ experience in information security, compliance or closely related roles

• Hands-on experience leading or materially contributing to external certificates (e.g. ISO 27001, GDPR, SOC 2, Cyber Essentials)

• Experience in a SaaS or technology environment, ideally a startup or scale-up

• Strong understanding of security controls and how to implement them in practice (not just on paper)

• Experience working directly with tools, vendors and configurations (not purely advisory)

• A pragmatic, risk-based mindset with the ability to push back clearly and constructively

Nice to have

• Exposure to US customers or US compliance expectations

• Familiarity with AML or adjacent compliance areas, with willingness to deepen expertise

Benefits

• Salary: £75,000-£85,000

• Share options

• 35 days annual leave (25 days standard plus 10 flexible public holiday days) 

• Extra day of leave for every year of service

• Pension contributions matched up to 5%

• Comprehensive health insurance

• Enhanced parental leave & pay

• Co-working space stipend for those based outside London

• Annual all expenses paid team retreats

• The latest Macbook and equipment budget for your home office

• Professional development budget

• Unlimited free books

Note: this represents a typical benefits package for a UK-based, full-time employee. Exact details may vary based on location and employment type but we try to be as fair as possible to all of our team members. Please ask your contact in the Talent team to clarify the available benefits for you.