Information Security Officer (Hybrid Working) in London

We’re looking for a skilled Senior Information Security Officer to join Definely at a pivotal stage of growth. You’ll play a key role in ensuring our systems and processes align with ISO 27001 and SOC 2 requirements, contributing to risk assessments, and supporting incident response activities. Working closely with product and engineering teams, you’ll help embed security into the design of our Microsoft Word add-ins and AI-driven features.

As we scale, you’ll also provide IT support across the business, helping to manage devices, onboard new team members, and support day-to-day IT operations to ensure our people can work securely and efficiently. This is an exciting opportunity to have a direct impact on the security posture of a fast-growing LegalTech company, helping safeguard enterprise customers’ most sensitive data while also shaping how we scale IT and security together.

• Own and evolve Definely’s Information Security Management System (ISMS).
• Drive readiness for ISO/IEC 42001 AI certification.
• Guide security considerations in our AI/LLM-enabled products.
• Perform ongoing risk assessments, vendor security reviews, and DPIAs.
• Ensure strong access management, secrets management, and cloud security hygiene.
• Provide day-to-day IT support for employees, including device management, troubleshooting, and access provisioning.
• Support onboarding and offboarding processes to ensure secure and efficient setup of accounts, devices, and permissions.
• Help scale internal IT processes and tooling as the company grows.
• Deliver security training and awareness across the company.
• Communicate risks and incidents clearly to technical and non-technical stakeholders.

Proven experience in information security within a SaaS or product led environment. Strong track record of delivering ISO 27001, SOC 2, or similar certifications, with interest in ISO/IEC 42001 AI standards. Solid understanding of GDPR and data protection best practices. Deep knowledge of secure SDLC, threat modelling, and securing AI and LLM based systems. Strong cloud security expertise across Azure or AWS, including access control, secrets management, and incident response. Experience running IT operations in a scaling business, including device management, SaaS tooling, and identity systems such as SSO and IAM. Relevant certifications such as CISSP, CISM, CCSK, or ISO 27001 Lead Auditor, and a degree in a related field.

Competitive salary & annual bonus. Quarterly team socials + holiday parties. Hybrid working + 1 month “work from anywhere”. 25 days holiday + bank holidays. Take your birthday off. Private healthcare (incl. dental & optical). Enhanced parental leave + Workplace Nursery salary sacrifice scheme. Cycle to Work. Top-quality equipment.

As AI accelerates the volume and pace of legal decisions, Definely ensures lawyers can understand the full structure of a contract, see the implications of every change, and negotiate with confidence and control. Launched in September 2020 by Nnamdi Emelifeonwu and Feargus MacDaeid, who worked together at Freshfields, Definely is trusted by over 150+ in-house legal teams and private practice firms, with thousands of users globally. Definely recently raised its Series B and is backed by Microsoft, Google, and Octopus Ventures.

By submitting your application, you agree that DEFEYENE LEGAL SOLUTIONS LIMITED ('Definely') may collect, process, and store your personal data as part of our recruitment process. Your personal data will be stored for up to 12 months, after which it will be securely deleted unless we have another lawful basis to retain it. You have the right to access, correct, or request the deletion of your data at any time. For more details on how we handle your personal data and your rights, please send us an email and we will send you our privacy policy.