Information Security Officer

Owning our ISO 27001 ISMS and ensuring it is always-on, including managing internal audits, evidence, management reviews, corrective actions, and external audit readiness

• Running security risk management that leads to decisions by maintaining a living risk register, driving mitigations, and enabling explicit risk acceptance when needed
• Driving security governance with practical policies and standards for access, data handling, vendor risk, and incident response
• Leading security incident governance, including classification, escalation, post-incident learning loops, and preventing repeats in partnership with relevant teams
• Managing third-party and vendor security risk, including risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance
• Enabling safe use of AI and agentic workflows by setting clear guardrails for AI tooling and automation
• Participating in architecture decisions with security impact as a required security reviewer
• Providing clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress

3+ (typically 5+) years of relevant experience with proven ownership of an ISMS/audit cycle (ISO 27001 or equivalent) and the ability to drive cross-functional remediation independently (ideally in SaaS/tech or a fast-paced scale-up)

• Proven experience operating or significantly contributing to an ISO 27001 ISMS and driving audit readiness and remediation
• Strong stakeholder management - ability to influence, challenge, and drive follow-through across Engineering, Product, Platform, IT, and senior leadership
• Pragmatic mindset: balancing security, speed, and customer impact using risk-based thinking
• Strong written and verbal communication in English - ability to turn complex topics into clear actions and decisions
• A hands-on, ownership mentality: actively making policies real