Senior Information Security Officer

Definely

Job Overview

Location

London

Job Type

Full-time

Full Job Description

📋 Description

• Senior Information Security Officer responsible for implementing and maintaining security standards, supporting compliance programs, and promoting secure practices across engineering and business teams at Definely, a fast-growing LegalTech company.
• Own and evolve the Information Security Management System (ISMS), lead ISO 27001 and SOC 2 Type II audits, drive readiness for ISO/IEC 42001 AI certification, manage customer due diligence requests, and run the SafeBase-powered Trust Center.
• Embed secure SDLC practices, perform threat modelling, define non-functional security requirements, review designs for security impact, and guide security considerations in AI/LLM-enabled products.
• Own company-wide incident response plan, lead tabletop exercises, perform risk assessments and vendor security reviews, ensure strong access and secrets management, and provide day-to-day IT support including device management, onboarding/offboarding, and scaling internal IT processes.
• Deliver security training and awareness, communicate risks and incidents to technical and non-technical stakeholders, and work closely with product and engineering teams to embed security into the design of Microsoft Word add-ins and AI-driven features.
• Play a key role in safeguarding enterprise customers’ sensitive data while shaping how IT and security scale together at a pivotal stage of company growth.
• Contribute to risk assessments, support incident response activities, and ensure systems and processes align with ISO 27001 and SOC 2 requirements.
• Help scale internal IT processes and tooling as the company grows, supporting secure and efficient work for all employees.

🎯 Requirements

• Proven experience in information security within a SaaS or product-led environment
• Strong track record of delivering ISO 27001, SOC 2, or similar certifications, with interest in ISO/IEC 42001 AI standards
• Experience with compliance tooling such as Drata and working with ISO auditors, ideally in the UK
• Solid understanding of GDPR and data protection best practices
• Deep knowledge of secure SDLC, threat modelling, and securing AI and LLM-based systems
• Strong cloud security expertise across Azure or AWS, including access control, secrets management, and incident response
• Experience running IT operations in a scaling business, including device management, SaaS tooling, and identity systems such as SSO and IAM
• Excellent communication skills, with the ability to work cross-functionally and manage customer security and due diligence processes
• Relevant certifications such as CISSP, CISM, CCSK, or ISO 27001 Lead Auditor, and a degree in a related field

🏖️ Benefits

• Competitive salary & annual bonus
• Equity in Definely
• Quarterly team socials + holiday parties
• Hybrid working + 1 month “work from anywhere”
• 25 days holiday + bank holidays
• Take your birthday off
• £750 annual learning & development budget
• Private healthcare (incl. dental & optical)
• Enhanced parental leave + Workplace Nursery salary sacrifice scheme
• Cycle to Work scheme
• Top-quality equipment

Skills & Technologies

AWS

Azure

Senior

Hybrid

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Definely

Visit Website

About Definely

Definely provides AI-powered software that helps legal teams draft, review, and manage complex documents more efficiently. Its cloud platform integrates with Microsoft Word to surface definitions, cross-references, and obligations in context, reducing errors and speeding turnaround times for law firms, in-house counsel, and professional services firms globally.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.