At a Glance
- Tasks: Ensure security compliance and support IT operations in a fast-growing LegalTech company.
- Company: Join Definely, a dynamic LegalTech startup backed by Microsoft and Google.
- Benefits: Competitive salary, hybrid working, generous holiday, and private healthcare.
- Other info: Exciting growth opportunities and a collaborative team culture.
- Why this job: Make a real impact on data security while shaping IT processes in an innovative environment.
- Qualifications: Experience in information security and knowledge of ISO standards required.
The predicted salary is between 60000 - 80000 £ per year.
We’re looking for a skilled Senior Information Security Officer to join Definely at a pivotal stage of growth. You’ll play a key role in ensuring our systems and processes align with ISO 27001 and SOC 2 requirements, contributing to risk assessments, and supporting incident response activities. Working closely with product and engineering teams, you’ll help embed security into the design of our Microsoft Word add-ins and AI-driven features. As we scale, you’ll also provide IT support across the business, helping to manage devices, onboard new team members, and support day-to-day IT operations to ensure our people can work securely and efficiently.
This is an exciting opportunity to have a direct impact on the security posture of a fast-growing LegalTech company, helping safeguard enterprise customers’ most sensitive data while also shaping how we scale IT and security together.
- Own and evolve Definely’s Information Security Management System (ISMS).
- Drive readiness for ISO/IEC 42001 AI certification.
- Guide security considerations in our AI/LLM-enabled products.
- Perform ongoing risk assessments, vendor security reviews, and DPIAs.
- Ensure strong access management, secrets management, and cloud security hygiene.
- Provide day-to-day IT support for employees, including device management, troubleshooting, and access provisioning.
- Support onboarding and offboarding processes to ensure secure and efficient setup of accounts, devices, and permissions.
- Help scale internal IT processes and tooling as the company grows.
- Deliver security training and awareness across the company.
- Communicate risks and incidents clearly to technical and non-technical stakeholders.
Proven experience in information security within a SaaS or product led environment. Strong track record of delivering ISO 27001, SOC 2, or similar certifications, with interest in ISO/IEC 42001 AI standards. Solid understanding of GDPR and data protection best practices. Deep knowledge of secure SDLC, threat modelling, and securing AI and LLM based systems. Strong cloud security expertise across Azure or AWS, including access control, secrets management, and incident response. Experience running IT operations in a scaling business, including device management, SaaS tooling, and identity systems such as SSO and IAM. Relevant certifications such as CISSP, CISM, CCSK, or ISO 27001 Lead Auditor, and a degree in a related field.
Information Security Officer (Hybrid Working) employer: Definely
Definely is an exceptional employer that fosters a dynamic and inclusive work culture, offering hybrid working arrangements and a generous benefits package including private healthcare and enhanced parental leave. As a rapidly growing LegalTech company, we provide ample opportunities for professional development and the chance to make a significant impact on our security posture while working with cutting-edge AI technologies. Join us in shaping the future of legal technology in a supportive environment that values innovation and collaboration.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security Officer (Hybrid Working)
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Show off your skills! Create a portfolio or a personal project that highlights your expertise in information security. This is a great way to demonstrate your capabilities beyond just a CV.
✨Tip Number 3
Prepare for interviews by researching the company and its products. Understand their security needs and be ready to discuss how you can help them achieve their goals, especially around ISO 27001 and SOC 2 compliance.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team at Definely.
We think you need these skills to ace Information Security Officer (Hybrid Working)
Some tips for your application 🫡
Tailor Your CV:Make sure your CV is tailored to the Information Security Officer role. Highlight your experience with ISO 27001, SOC 2, and any relevant certifications. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how you can contribute to our team at Definely. Keep it concise but impactful – we love a good story!
Showcase Relevant Experience:When filling out your application, be sure to showcase your experience in risk assessments, incident response, and IT support. We’re keen to see how you've tackled similar challenges in the past and how you can bring that expertise to us.
Apply Through Our Website:We encourage you to apply through our website for a smoother process. It helps us keep track of applications and ensures you get all the updates directly from us. Plus, it shows you're keen on joining our team!
How to prepare for a job interview at Definely
✨Know Your Standards
Familiarise yourself with ISO 27001 and SOC 2 requirements. Be ready to discuss how your experience aligns with these standards, especially in relation to risk assessments and incident response activities.
✨Showcase Your Technical Skills
Prepare to talk about your expertise in cloud security, particularly with Azure or AWS. Highlight any relevant projects where you’ve implemented secure SDLC practices or managed access control effectively.
✨Communicate Clearly
Practice explaining complex security concepts in simple terms. You’ll need to communicate risks and incidents to both technical and non-technical stakeholders, so clarity is key!
✨Demonstrate Your IT Support Experience
Be ready to share examples of how you've provided IT support in a scaling business. Discuss your approach to device management, onboarding new team members, and ensuring secure operations.
