Information / Cyber Security Lead

Information / Cyber Security Lead

Role

Hands-on information security lead responsible for driving and maintaining ISO 27001 compliance across the team's SaaS products hosted on Azure. You'll own the day-to-day execution of security controls, lead internal and external audit engagements, coordinate across developers, DevOps, product, and management, and ensure compliance activities are embedded in how the team actually works, not treated as a separate audit exercise.

Responsibilities:

• Own and drive ISO 27001 and SOC 2 compliance activities end-to-end: gap assessments, control implementation, evidence collection, and audit readiness
• Maintain the Information Security Management System (ISMS): policies, risk register, treatment plans, and control documentation
• Lead internal audits and management reviews; prepare the team and evidence base for external certification and surveillance audits
• Serve as the primary point of contact for external auditors and certification bodies: managing scope, scheduling, walkthroughs, and findings responses
• Coordinate with developers, DevOps, and product teams to ensure security controls are implemented and verifiable in the Azure-hosted SaaS environment
• Triage and track SAST/DAST findings and vulnerability reports; drive remediation to closure with the engineering team
• Monitor and respond to security incidents; maintain and test incident response procedures
• Conduct regular risk assessments and translate findings into concrete, actionable remediation work
• Keep security policies and procedures current and aligned with evolving standards and business needs
• Provide practical security guidance to developers and other team members: security by education, not just enforcement
• Track relevant regulatory and compliance changes (ISO, SOC 2, GDPR where applicable) and assess their impact on the team

Qualifications

• 5+ years of hands-on experience in information security, with direct ownership of ISO 27001 programs through full audit cycles
• Proven track record of leading compliance
• Strong understanding of cloud security in Azure (IAM, networking, logging, encryption, security tooling)
• Familiar with SAST/DAST tooling and the software development lifecycle in agile teams
• Able to translate compliance requirements into practical engineering tasks and work directly with developers to get them done
• Strong written and verbal communicator, comfortable producing audit-ready documentation and presenting to auditors, management, and customers

Nice to have

• Relevant certifications: ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent
• Experience securing SaaS products across web and mobile (iOS/Android)
• Familiarity with GDPR compliance requirements in a European operating context
• Experience with Azure security tooling: Defender for Cloud, Sentinel, or equivalent
  

ersg are an equal opportunities employer; we are committed to promoting equality of opportunity for all job applicants. We do not discriminate against applicants on the basis of age, sex, race, disability, pregnancy, marital status, sexual orientation, gender reassignment or religious background; all decisions are based on merit.