Information Security Officer


Overview

We’re looking for a skilled Information Security Officer (ISO) to join Definely at a pivotal stage of growth. In this role, you’ll take ownership of implementing and maintaining our security standards, supporting compliance programs, and promoting secure practices across engineering and business teams. You’ll ensure our systems and processes align with ISO 27001 and SOC 2 requirements, contribute to risk assessments, and support incident response activities. Working closely with product and engineering teams, you’ll help embed security into the design of our Microsoft Word add-ins and AI-driven features. As we scale, you’ll provide IT support across the business, helping to manage devices, onboard new team members, and support day-to-day IT operations to ensure our people can work securely and efficiently. This is an exciting opportunity to have a direct impact on the security posture of a fast-growing LegalTech company, helping safeguard enterprise customers’ most sensitive data while also shaping how we scale IT and security together.

What you'll do

Governance & Compliance

  • Own and evolve Definely’s Information Security Management System (ISMS).
  • Lead ISO 27001 and SOC 2 Type II audits, ensuring controls remain effective.
  • Manage customer due diligence requests and run Definely’s SafeBase-powered Trust Center; streamline customer security questionnaires, DPAs, and RFP security sections.

Product & Engineering Partnership

  • Embed secure SDLC practices across product teams, from design to release.
  • Perform threat modelling, define non-functional security requirements, and review designs for security impact.
  • Guide security considerations in our AI/LLM-enabled products.

Risk & Incident Management

  • Own the company-wide incident response plan and lead tabletop exercises.
  • Perform ongoing risk assessments, vendor security reviews, and DPIAs.
  • Ensure strong access management, secrets management, and cloud security hygiene.

IT Support & Operations

  • Provide day-to-day IT support for employees, including device management, troubleshooting, and access provisioning.
  • Support onboarding and offboarding processes to ensure secure and efficient setup of accounts, devices, and permissions.
  • Help scale internal IT processes and tooling as the company grows.

Enablement & Communication

  • Train staff and raise security awareness across the business.
  • Communicate risks and incidents clearly to technical and non-technical stakeholders.

What you'll bring

  • Hands-on experience in information security, ideally within a SaaS or product-led environment.
  • Proven success leading or supporting ISO 27001 and/or SOC 2 Type I/II compliance programs.
  • Deep understanding of secure SDLC practices, including threat modelling and design reviews for security impact.
  • Experience securing AI/LLM features, including agentic workflows, retrieval systems, and data privacy risks.
  • Strong practical knowledge of cloud security (Azure or AWS), access management, secrets handling, and incident response.
  • Experience managing internal IT operations in a scaling company, including device management (MDM), SaaS administration, and identity tooling (SSO, IAM).
  • Excellent communication skills, with a proven ability to engage cross-functional teams and handle customer security assessments and due diligence.
  • Certifications (CISSP, CISM, CCSK, ISO 27001 LA).
  • Bachelor’s Degree in Computer Science, Information Security, or a related field.
  • Hands-on experience with IT operations in a scaling business (e.g., device management, MDM solutions, SaaS administration, SSO/identity tools).

What we offer

  • Competitive Compensation: A salary package aligned with your experience and impact.
  • Meaningful Stock Options: Be rewarded for growing with the company.
  • Annual Bonus scheme: Eligible for the company bonus scheme.
  • Real Impact & Growth: Be part of a scaling company where your work truly moves the needle.
  • High-Performance Culture: Collaborate with ambitious, high-calibre teammates who raise the bar.
  • Private Healthcare: Vitality healthcare, including Dental and Optical.
  • Generous Time Off: 25 days of annual leave plus UK public holidays.
  • Pension Plan: Competitive scheme to help plan for your future.
  • Work From Anywhere Policy: Spend up to a month a year working abroad.
  • Enhanced Parental Leave: Inclusive policies that support working families.
  • Top-Quality Equipment: Modern tech and ergonomic setups to help you do your best work.

About Definely

Definely is revolutionising how legal professionals access and understand information in complex documents. Our LegalTech solutions integrate directly into legal workflows, enabling teams to draft, review, and interpret contracts more efficiently, without breaking focus. We’re recognised among the Top 25 in Deloitte’s UK Technology Fast 50 and backed by Revaia, Microsoft, Google, and Octopus Ventures. Trusted by firms like A&O Shearman, Dentons, Deloitte, and Barclays, we’re building tools that empower legal teams to work smarter and reduce risk. At Definely, you’ll be part of a mission-driven, collaborative, and ambitious team committed to innovation and growth.

Data Privacy Notice

By submitting your application, you agree that Definely may collect, process, and store your personal data as part of our recruitment process. We will use the information you provide to assess your qualifications for the role you are applying for and to communicate with you regarding your application. Your personal data will be stored for up to 12 months, after which it will be securely deleted unless we have another lawful basis to retain it. You have the right to access, correct, or request the deletion of your data at any time. For more details on how we handle your personal data, please contact hr@definely.com. If you have concerns about how your data is processed, please contact us.

Location: London, England, United Kingdom
Salary: £125,000 - £150,000
Job Type: Full-time
Category: IT & Technology
