We're looking for a skilled Information Security Officer (ISO) to join Definely at a pivotal stage of this role you'll take ownership of implementing and maintaining our security standards, supporting compliance programs and promoting secure practices across engineering and business teams.
You'll play a key role in ensuring our systems and processes align with ISO 27001 and SOC 2 requirements, contributing to risk assessments and supporting incident response activities. Working closely with product and engineering teams, you'll help embed security into the design of our Microsoft Word add-ins and AI-driven features.
As we scale, you'll also provide IT support across the business, helping to manage devices, onboard new team members and support day-to-day IT operations to ensure our people can work securely and efficiently.
This is an exciting opportunity to have a direct impact on the security posture of a fast-growing LegalTech company, helping safeguard enterprise customers' most sensitive data while also shaping how we scale IT and security together.
Governance & Compliance
Own and evolve Definely's Information Security Management System (ISMS).
Lead ISO 27001 and SOC 2 Type II audits, ensuring controls remain effective.
Manage customer due diligence requests and run Definely's SafeBase-powered Trust Center; streamline customer security questionnaires, DPAs and RFP security sections.
Product & Engineering Partnership
Embed secure SDLC practices across product teams from design to release.
Perform threat modelling, define non-functional security requirements and review designs for security impact.
Guide security considerations in our AI/LLM-enabled products.
Risk & Incident Management
Own the company-wide incident response plan and lead tabletop exercises.
Perform ongoing risk assessments, vendor security reviews and DPIAs.
Ensure strong access management, secrets management and cloud security hygiene.
IT Support & Operations
Provide day-to-day IT support for employees, including device management, troubleshooting and access provisioning.
Support onboarding and offboarding processes to ensure secure and efficient setup of accounts, devices and permissions.
Help scale internal IT processes and tooling as the company grows.
Enablement & Communication
Train staff and raise security awareness across the business.
Communicate risks and incidents clearly to technical and non-technical stakeholders.
Hands-on experience in information security, ideally within a SaaS or product-led environment.
Proven success leading or supporting ISO 27001 and/or SOC 2 Type I/II compliance programs.
Deep understanding of secure SDLC practices, including threat modelling and design reviews for security impact.
Experience securing AI/LLM features, including agentic workflows, retrieval systems and data privacy risks.
Strong practical knowledge of cloud security (Azure or AWS), access management, secrets handling and incident response.
Experience managing internal IT operations in a scaling company, including device management (MDM), SaaS administration and identity tooling (SSO, IAM).
Excellent communication skills, with a proven ability to engage cross-functional teams and handle customer security assessments and due diligence.
Certifications (CISSP, CISM, CCSK, ISO 27001 LA).
Bachelor's Degree in Computer Science, Information Security or a related field.
Hands-on experience with IT operations in a scaling business (e.g. device management, MDM solutions, SaaS administration, SSO/identity tools).
Competitive Compensation: A salary package aligned with your experience and impact.
Meaningful Stock Options: Be rewarded for growing with the company.
Annual Bonus scheme: Eligible for the company bonus scheme.
Real Impact & Growth: Be part of a scaling company where your work truly moves the needle.
High-Performance Culture: Collaborate with ambitious, high-calibre teammates who raise the bar.
Private Healthcare: Vitality healthcare including Dental and Optical.
Generous Time Off: 25 days of annual leave plus UK public holidays.
Pension Plan: Competitive scheme to help plan for your future.
Work From Anywhere Policy: Spend up to a month a year working abroad.
Enhanced Parental Leave: Inclusive policies that support working families.
Top-Quality Equipment: Modern tech and ergonomic setups to help you do your best work.
Definely is revolutionising how legal professionals access and understand information in complex documents. Our LegalTech solutions integrate directly into legal workflows, enabling teams to draft, review and interpret contracts more efficiently without breaking focus.
We're proud to be recognised among the Top 25 in Deloitte's UK Technology Fast 50 and backed by Revaia, Microsoft, Google and Octopus Ventures. Trusted by top firms like A&O Shearman, Dentons, Deloitte and Barclays, we're building tools that empower legal teams to work smarter and reduce risk.
At Definely, you'll be part of a mission-driven, collaborative and ambitious team committed to innovation and growth.
By submitting your application, you agree that DEFEYENE LEGAL SOLUTIONS LIMITED (Definely) may collect, process and store your personal data as part of our recruitment process. We will use the information you provide to assess your qualifications for the role you are applying for and to communicate with you regarding your personal data will be stored for up to 12 months, after which it will be securely deleted unless we have another lawful basis to retain it. You have the right to access, correct or request the deletion of your data at any more details on how we handle your personal data and your rights please send us an email to and we will send you our privacy policy.
If you have any concerns about how your data is being processed, please do not hesitate to contact us.
Required Experience:
Unclear Seniority
Full-Time