Information Security Lead
Jefferson Wells
- Deadline: 18.05.2026
- Employment type: Engagement
Responsibilities
• Own and drive ISO 27001 and SOC 2 compliance activities end-to-end: gap assessments, control implementation, evidence collection, and audit readiness
• Maintain the Information Security Management System (ISMS): policies, risk register, treatment plans, and control documentation
• Lead internal audits and management reviews; prepare the team and evidence base for external certification and surveillance audits
• Serve as the primary point of contact for external auditors and certification bodies: managing scope, scheduling, walkthroughs, and findings responses
• Coordinate with developers, DevOps, and product teams to ensure security controls are implemented and verifiable in the Azure-hosted SaaS environment
• Triage and track SAST/DAST findings and vulnerability reports; drive remediation to closure with the engineering team
• Monitor and respond to security incidents; maintain and test incident response procedures
• Conduct regular risk assessments and translate findings into concrete, actionable remediation work
• Keep security policies and procedures current and aligned with evolving standards and business needs
• Provide practical security guidance to developers and other team members: security by education, not just enforcement
• Track relevant regulatory and compliance changes (ISO, SOC 2, GDPR where applicable) and assess their impact on the team
Qualifications
• 5+ years of hands-on experience in information security, with direct ownership of ISO 27001 programs through full audit cycles
• Proven track record of leading compliance
• Strong understanding of cloud security in Azure (IAM, networking, logging, encryption, security tooling)
• Familiar with SAST/DAST tooling and the software development lifecycle in agile teams
• Able to translate compliance requirements into practical engineering tasks and work directly with developers to get them done
• Strong written and verbal communicator, comfortable producing audit-ready documentation and presenting to auditors, management, and customers
Skills (AI-generated)
- Cloud Security
- External audit
- Felling
- Security vulnerability management
- Information Security Management System (ISMS)
- Internal audit
- ISO 27001
- SOC 2
About the employer
- Sector: Private
- Location: 4070 Randaberg
- Industry: Oil and gas
- Job function: Office work
- Working language: Norwegian
Keywords
oil and gas, Quality, Security
Ad information
- FINN code: 463208939
- Last modified