Senior Information Security Officer
ABOUT THE ROLE
We’re looking for a skilled Senior Information Security Officer to join Definely at a pivotal stage of growth. In this role, you’ll take ownership of implementing and maintaining our security standards, supporting compliance programs, and promoting secure practices across engineering and business teams.
You’ll play a key role in ensuring our systems and processes align with ISO 27001 and SOC 2 requirements, contributing to risk assessments, and supporting incident response activities. Working closely with product and engineering teams, you’ll help embed security into the design of our Microsoft Word add-ins and AI-driven features.
As we scale, you’ll also provide IT support across the business, helping to manage devices, onboard new team members, and support day-to-day IT operations to ensure our people can work securely and efficiently.
This is an exciting opportunity to have a direct impact on the security posture of a fast-growing LegalTech company, helping safeguard enterprise customers’ most sensitive data while also shaping how we scale IT and security together.
WHAT YOU'LL DO:
Governance & Compliance
- Own and evolve Definely’s Information Security Management System (ISMS).
- Lead ISO 27001 and SOC 2 Type II audits, ensuring controls remain effective.
- Drive readiness for ISO/IEC 42001 AI certification.
- Apply prior experience in successfully obtaining ISO and SOC certifications.
- Manage customer due diligence requests and run Definely’s SafeBase-powered Trust Center; streamline customer security questionnaires, DPAs, and RFP security sections.
Product & Engineering Partnership
- Embed secure SDLC practices across product teams, from design to release.
- Perform threat modelling, define non-functional security requirements, and review designs for security impact.
- Guide security considerations in our AI/LLM-enabled products.
Risk & Incident Management
- Own the company-wide incident response plan and lead tabletop e...