The Information Security (InfoSec) Lead is a senior player-manager responsible for establishing and owning the information security policy framework and the Information Security Management System (ISMS). This role leads ISO 27001:2022 certification, governs identity and access management, and ensures security standards are embedded across all engineering teams.
Key Responsibilities
Security Policy and ISMS Ownership
- Establish and maintain the information security policy framework, ISMS risk register, risk treatment plan, and Statement of Applicability (SoA).
- Lead the organisation through ISO 27001:2022 certification and ongoing surveillance audits; coordinate all departments on control implementation and evidence.
- Conduct periodic policy reviews to ensure alignment with regulatory requirements and evolving threat landscapes.
Identity, Access and Secure Development
- Design and implement IAM controls including SSO, ...