About DIGI2AL
DIGI2AL is an employee-owned defense-focused digital services consultancy. A vendor-agnostic UK Crown Commercial Services accredited supplier, we have delivered over 120 cloud-hosted digital services across the public sector, working in partnership with clients to research and develop outcomes and services spanning artificial intelligence, data science, low code and complex code software engineering, cyber security, cloud engineering, and user-centred design. At DIGI2AL, our technology values drive everything we do. We are committed to open, contemporary and secure solutions that put users first. We embrace cutting-edge technologies while ensuring interoperability, resilience and ethical innovation. By prioritising transparency, adaptability and security, we enable organisations to build future-proof digital services that deliver real impact.
Role purpose
To lead and continuously strengthen the company’s compliance, information security, and assurance functions, ensuring the business can operate confidently, securely, and credibly within the UK defence technology sector. The role safeguards the organisation’s people, information, systems, and reputation by embedding pragmatic governance, managing regulatory and customer security requirements, and enabling secure growth.
As a trusted partner to leadership and delivery teams, the Head of Compliance & Assurance ensures the company meets evolving obligations relating to cyber security, data protection, and defence-sector standards, while fostering a culture where security and compliance support innovation, operational agility, and customer trust rather than hinder them.
What you’ll be doing
Compliance & Governance
- Implement and maintain the company’s compliance and security management framework, aligned to UK defence-sector expectations and applicable regulatory requirements
- Ensure ongoing compliance with relevant standards, frameworks, and contractual obligations, including Cyber Essentials Plus, ISO 27001, GDPR, and MOD requirements
- Maintain company policies, procedures, standards, and registers relating to information security, data protection, risk, and governance
- Coordinate internal and external audits, certification, and compliance assessments
Information & Cyber Security
- Lead on information security, ensuring appropriate technical, physical, and procedural safeguards are implemented and maintained
- Ensure appropriate arrangements are in place for security risk assessment, vulnerability management, incident response, and remediation
- Embed secure-by-design principles into systems, products, and business processes
- Manage security incidents and lessons-learned processes
- Support secure handling, storage, transmission, and disposal of sensitive, controlled, and classified information where applicable
Risk Management & Assurance
- Maintain the risk and compliance registers, ensuring risks are identified, assessed, mitigated, and reported effectively
- Provide regular assurance reporting and risk insights to senior leadership
- Lead business continuity and disaster recovery planning, testing, and continuous improvement activities
Client & Bid Support
- Act as the primary point of contact for customer security and compliance matters across defence and government programmes
- Support bid, tender, and onboarding activities by responding to security questionnaires, assurance requests, and contractual compliance requirements
Culture, Training & Awareness
- Promote a positive security and compliance culture across the organisation through onboarding, training, and awareness
- Deliver guidance and practical support to employees on security, compliance, and data protection responsibilities
- Liaise with client-based security teams as necessary
The experience you’ll bring
Essential
- Experience maintaining ISO 27001 and Cyber Essentials Plus certifications
- Experience leading audits, assurance reviews and certification activities
- Experience working within defence, government or regulated environments
- Experience developing governance, risk and compliance frameworks
- Experience supporting customer assurance and bid activities
- Strong stakeholder management and influencing skills
Desirable
- Experience implementing Microsoft 365 governance and information management solutions
- Knowledge of MOD security requirements and defence assurance processes
- Experience leading business continuity and resilience activities
Your personal qualities
- Planning and organisation
- Problem-solving and initiative
- Leadership
- Team collaboration
- Communication and influencing
- Empathy
This is a hybrid role, with 2-3 days per week in our London office. Additionally, the role will require infrequent travel to client sites.
The minimum security clearance level required for this role is SC; candidates must be willing to undergo this security check.