Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead security initiatives and ensure compliance with ISO standards in a fast-growing LegalTech company.
- Company: Join Definely, a pioneering LegalTech firm backed by industry giants like Microsoft and Google.
- Benefits: Enjoy competitive salary, equity, hybrid work, and generous holiday allowance.
- Other info: Dynamic team culture with excellent growth opportunities and a focus on professional development.
- Why this job: Make a real impact on data security while shaping IT practices in an innovative environment.
- Qualifications: Experience in information security and strong knowledge of ISO certifications required.
The predicted salary is between 60000 - 80000 £ per year.
We're looking for a skilled Senior Information Security Officer to join Definely at a pivotal stage of growth. In this role, you'll take ownership of implementing and maintaining our security standards, supporting compliance programs, and promoting secure practices across engineering and business teams.
You'll play a key role in ensuring our systems and processes align with ISO 27001 and SOC 2 requirements, contributing to risk assessments, and supporting incident response activities. Working closely with product and engineering teams, you'll help embed security into the design of our Microsoft Word add-ins and AI-driven features.
As we scale, you'll also provide IT support across the business, helping to manage devices, onboard new team members, and support day-to-day IT operations to ensure our people can work securely and efficiently. This is an exciting opportunity to have a direct impact on the security posture of a fast-growing LegalTech company, helping safeguard enterprise customers' most sensitive data while also shaping how we scale IT and security together.
What you'll do
- Governance & Compliance
- Own and evolve Definely's Information Security Management System (ISMS).
- Lead ISO 27001 and SOC 2 Type II audits, ensuring controls remain effective.
- Drive readiness for ISO/IEC 42001 AI certification.
- Apply prior experience successfully obtaining ISO and SOC certifications.
- Manage customer due diligence requests and run Definely's SafeBase-powered Trust Center; streamline customer security questionnaires, DPAs, and RFP security sections.
- Product & Engineering Partnership
- Embed secure SDLC practices across product teams, from design to release.
- Perform threat modelling, define non-functional security requirements, and review designs for security impact.
- Guide security considerations in our AI/LLM-enabled products.
- Risk & Incident Management
- Own the company-wide incident response plan and lead tabletop exercises.
- Perform ongoing risk assessments, vendor security reviews, and DPIAs.
- Ensure strong access management, secrets management, and cloud security hygiene.
- IT Support & Operations
- Provide day-to-day IT support for employees, including device management, troubleshooting, and access provisioning.
- Support onboarding and offboarding processes to ensure secure and efficient setup of accounts, devices, and permissions.
- Help scale internal IT processes and tooling as the company grows.
- Enablement & Communication
- Deliver security training and awareness across the company.
- Communicate risks and incidents clearly to technical and non-technical stakeholders.
What you'll bring
- Proven experience in information security within a SaaS or product led environment.
- Strong track record of delivering ISO 27001, SOC 2, or similar certifications, with interest in ISO/IEC 42001 AI standards.
- Experience with compliance tooling such as Drata and working with ISO auditors, ideally in the UK.
- Solid understanding of GDPR and data protection best practices.
- Deep knowledge of secure SDLC, threat modelling, and securing AI and LLM based systems.
- Strong cloud security expertise across Azure or AWS, including access control, secrets management, and incident response.
- Experience running IT operations in a scaling business, including device management, SaaS tooling, and identity systems such as SSO and IAM.
- Excellent communication skills, with the ability to work cross functionally and manage customer security and due diligence processes.
- Relevant certifications such as CISSP, CISM, CCSK, or ISO 27001 Lead Auditor, and a degree in a related field.
What we can offer you
- Competitive salary & annual bonus.
- Equity in Definely.
- Quarterly team socials & holiday parties.
- Hybrid working & 1 month "work from anywhere".
- 25 days holiday & bank holidays.
- Take your birthday off.
- £750 annual learning & development budget.
- Private healthcare (incl. dental & optical).
- Enhanced parental leave & Workplace Nursery salary sacrifice scheme.
- Additional perks: Cycle to Work.
- Top-quality equipment.
Definely builds specialist review tools for lawyers working on complex contracts. As AI accelerates the volume and pace of legal decisions, Definely ensures lawyers can understand the full structure of a contract, see the implications of every change, and negotiate with confidence and control.
Launched in September 2020 by Nnamdi Emelifeonwu and Feargus MacDaeid, who worked together at Freshfields, Definely is trusted by over 150 in-house legal teams and private practice firms, with thousands of users globally. Its customers include top Magic Circle and AMLaw 200 firms, including A&O Shearman, Slaughter and May, DLA Piper, KPMG, Samsung and IKEA.
We recently raised our Series B and are backed by Microsoft, Google, and Octopus Ventures. This is a rare opportunity to shape a new category at the moment it becomes essential.
Senior Information Security Officer employer: Definely Ltd.
Contact Detail:
Definely Ltd. Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Information Security Officer
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for interviews by researching the company and its culture. Understand their products and how they align with your skills, especially in security practices. Tailor your responses to show how you can contribute to their goals.
✨Tip Number 3
Showcase your expertise! Bring examples of your past work, especially around ISO 27001 and SOC 2 compliance. Discuss how you've tackled security challenges and improved processes in previous roles.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, it shows you're genuinely interested in joining our team at Definely.
We think you need these skills to ace Senior Information Security Officer
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Senior Information Security Officer role. Highlight your experience with ISO 27001, SOC 2, and any relevant certifications. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how you can contribute to our mission at Definely. Keep it concise but impactful – we love a good story!
Showcase Your Technical Skills: Don’t forget to mention your technical expertise in cloud security, secure SDLC, and incident response. We’re keen on candidates who can demonstrate their hands-on experience in these areas, so be specific!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates. Plus, we love seeing applications come in through our own channels!
How to prepare for a job interview at Definely Ltd.
✨Know Your Standards
Make sure you’re well-versed in ISO 27001 and SOC 2 requirements. Brush up on how these standards apply to the role and be ready to discuss your experience with them. This shows you’re not just familiar with the terms, but you understand their practical implications.
✨Showcase Your Technical Skills
Prepare to talk about your experience with secure SDLC practices, threat modelling, and cloud security, especially in Azure or AWS. Bring examples of how you've embedded security into product design or managed incident responses in previous roles. Real-world examples will make your skills stand out.
✨Communicate Clearly
Since you'll be working with both technical and non-technical teams, practice explaining complex security concepts in simple terms. Think about how you would communicate risks or incidents to different stakeholders. Clear communication is key in this role!
✨Be Ready for Scenario Questions
Expect questions that put you in hypothetical situations related to risk assessments or incident management. Prepare by thinking through how you would handle various scenarios, such as a data breach or a compliance audit. This will demonstrate your problem-solving skills and readiness for the role.