EMEA Assurance Lead

Role Overview

Scale builds the data and infrastructure behind large-scale foundation models and is expanding its footprint across global markets, including public sector growth in EMEA. The company is hiring an EMEA Assurance Lead to own and run assurance programs for its EMEA public sector and commercial operations.

This is a highly autonomous, hands-on individual contributor position that reports to the Head of Global Assurance. You will develop EMEA-specific controls within Scale’s broader assurance framework, while staying aligned with the global controls library and reporting rhythms. Working closely with Global Public Sector, Enterprise, Security, Engineering, Product, and Legal, you will help deliver regional authorizations, certifications, and customer assurance outcomes across EMEA, with emphasis on the GCC, UK, and EU.

What You Will Do

• Drive region-focused assurance initiatives across the GCC and UK, covering programs such as Qatar NCSA National Information Assurance (NIA), KSA NCA Essential Cybersecurity Controls (ECC), UAE DESC Information Security Regulation (ISR), and UK Cyber Essentials Plus, Defence Cyber Certification (DCC), and NCSC Secure by Design (SdB). Responsibilities include control mapping, evidence gathering, gap assessment, certification scheduling, and submission coordination, including work with accredited external assessors where needed.
• Partner with the global GRC team to preserve and renew existing certifications and pursue additional ones such as SOC 2, ISO 27001, ISO 42001, and ISO 9001, including adapting these certifications for EMEA and international operations, as well as NATO-related defence opportunities.
• Build and update EMEA-tailored controls by adapting the global controls structure to sovereign regulatory and customer expectations, such as data residency and sector-specific needs like healthcare, and determine where current controls are sufficient versus where new controls or supporting evidence are required.
• Define priorities and operating routines for EMEA assurance workstreams, including request intake, evidence collection, follow-up with control owners, remediation tracking, and deadline management, while keeping progress visible in Scale’s global assurance dashboards.
• Assist with public sector customer assurance activities in EMEA, including security questionnaires, compliance due diligence responses, customer assurance conversations, and compliance input for bid and capture efforts where assurance readiness is a procurement requirement.
• Work with Legal on contract-based assurance obligations across EMEA, intersections with data protection and AI governance requirements such as GDPR, Qatar PDPPL, and the EU AI Act, and escalations involving sovereign regulators.
• Coordinate with external auditors, assessors, certification bodies, and regulatory stakeholders based in EMEA.
• Contribute to internal and external audits across the region and report to the Head of Global Assurance on program status, major risks, certification milestones, and local regulatory changes.

Requirements

• At least 7 years of experience in cybersecurity compliance, GRC, public sector assurance, IT audit, cloud security, or a related field, with substantial exposure to EMEA markets.
• Background delivering government or public sector assurance programs in the UK, EU, or GCC, including collaboration with certification bodies, government assessors, or authorizing officials.
• Strong working knowledge of one or more of the following: UK Cyber Essentials/Cyber Essentials+, ISO 27001, ISO 9001, ISO 42001, SOC 2, or similar frameworks, plus sovereign security regimes in the GCC such as Qatar NCSA NIA, KSA SCCC/NCA, or UAE DESC/NESA.
• Understanding of EMEA data protection and AI governance obligations such as GDPR, PDPPL, and the EU AI Act, and how they translate into technical and organizational controls.
• Experience handling control mapping, evidence collection, remediation tracking, and audit coordination across distributed engineering and infrastructure teams.
• Experience with cloud platforms such as AWS, Azure, or GCP, and the ability to evaluate cloud architectures against compliance requirements.
• Strong communication, good judgment around escalation, and the ability to work independently in a regional remit while staying aligned with a global program.
• Preference for candidates with relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, ISO 42001 Internal Auditor, or CCSP.
• Additional advantage for candidates with NATO information assurance experience or defence procurement exposure.
• Familiarity with EMEA healthcare or medical-device regulatory requirements, especially in the GCC and UK, is a plus.
• Working knowledge of Arabic is desirable.
• UK SC or DV clearance, or eligibility for similar EMEA government security clearances, is a plus.
• Experience from a Big 4 firm or a high-growth technology company is preferred.

Additional Information

Applicants who are reconsidered for the same role are subject to a 90-day waiting period before being reviewed again.

About Scale

Scale’s mission is to build dependable AI systems for the world’s most critical decisions. The company provides high-quality data and full-stack technology that support leading models and help enterprises and governments create, deploy, and oversee AI applications with meaningful impact. Scale works with organizations such as Meta, Ernst & Young, Mayo Clinic, Time Inc., the Government of Qatar, and U.S. government agencies including the Army and Air Force.

Equal Opportunity and Accommodations

Scale is an equal opportunity employer and values an inclusive workplace where people can bring their whole selves to work. Employment decisions are made without regard to race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. The company also provides reasonable accommodations for applicants with physical or mental disabilities. If you need help during the application or hiring process because of a disability, you may contact [email protected].

Privacy and Pay Transparency

Scale states that it complies with the United States Department of Labor's Pay Transparency provision. The company also collects, retains, and uses personal data for legitimate business purposes, including sharing relevant opportunities with affiliates, and says it limits collection to what is necessary to manage applicants’ needs, provide services, and meet legal obligations. Application data is handled under internal privacy and protection policies.