Information Security Specialist

Legora AB, New York City, NY (Onsite)

About The Position

At Legora, protecting our clients' highly sensitive legal data is fundamental to everything we do. We're building a security and compliance program designed for the AI era: Zero Trust architecture, rigorous governance, and continuous compliance as non-negotiables. We are expanding our security team to help shape, drive, and scale our governance, risk, and compliance programs. You will work at the intersection of policy, risk management, audit readiness, and cutting-edge technology to ensure we maintain ISO 27001, SOC 2 Type II, and ISO 42001 compliance while enabling the business to move fast. This is a hands-on, high-impact role where you'll manage our Information Security Management System (ISMS), conduct risk assessments, coordinate audits, and serve as a trusted advisor to both internal teams and external clients. Your strength will be your knowledge of the end-to-end process by which our product is built, and you will use it to treat security risks in a way that fits our modern tech stack. This role can be based in either Stockholm, Sweden or New York City, US. Both locations have a 5-day in-office policy; we believe building together in person drives better outcomes.

Requirements

  • You have 3+ years of experience in GRC, information security, compliance, or audit roles, ideally in a high-growth technology or SaaS environment. Alternatively, you are an experienced software engineer transitioning into information security.
  • You have hands-on experience implementing and managing compliance programs against ISO 27001, SOC 2 Type II, and NIST SP 800-53.
  • You might have achieved desirable certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Auditor.
  • You have knowledge of governance frameworks, risk management methodologies, and data protection regulations (ERM, GDPR, CCPA, ISO 42001, SOX ITGC).
  • You understand Zero Trust principles and the OWASP Top 10 risks, and how to apply them across identity, devices, DevOps processes, and cloud services.
  • You can confidently engage with technical teams on topics like cloud security (Azure), infrastructure-as-code, secure development practices, and AI system security.
  • You have strong analytical and organizational skills, with the ability to remain focused across multiple concurrent audits, assessments, and compliance initiatives.
  • You have excellent communication and stakeholder management skills, able to translate security & compliance requirements into clear, actionable guidance for technical and non-technical audiences.

Nice To Haves

  • Experience securing AI/ML workflows and building automation around GenAI tools with workflow platforms (for example Zapier or n8n) is a big plus.

Responsibilities

  • Own and maintain the ISMS in accordance with ISO 27001 and ISO 42001, ensuring all policies, procedures, and controls are documented, implemented, and continuously improved.
  • Lead the company's compliance efforts for SOC 2 Type II and support future SOX ITGC readiness, working closely with Finance and Engineering to map business processes and establish IT controls.
  • Develop, implement, and maintain information security policies, standards, and procedures that are lightweight, actionable, and aligned with regulatory frameworks including GDPR, ISO 27001, SOC 2, and ISO 42001.
  • Conduct regular risk assessments, threat modeling, and gap analyses to identify security risks and prioritize remediation efforts across the organization.
  • Coordinate internal and external audits, penetration tests, and compliance assessments — ensuring continuous audit readiness and managing remediation plans.
  • Manage vendor risk by conducting third-party security reviews, due diligence assessments, and ongoing vendor monitoring programs.
  • Be a primary point of contact for client security questionnaires, due diligence requests, audit reports (SOC 2, ISO certificates), and contractual security commitments.
  • Support secure AI governance by defining policies and controls that protect data in AI workflows, prevent adversarial use, and ensure responsible AI practices aligned with ISO 42001.
  • Drive security awareness and training across the organization, including new joiners and regular security education sessions.
  • Collaborate with Engineering teams on incident response planning, ensuring lessons learned are incorporated into policies and risk management processes.
  • Track and report on security metrics, KPIs, and compliance status to leadership, providing actionable insights and recommendations.
© 2024 Teal Labs, Inc