
🥝 Lead - Governance, Risk & Compliance

Flam | Karnataka, India | Posted June 23, 2026

Job Description

Role

We are building our information security function from the ground up. As our first Information Security Manager / GRC Lead, you will be the operational owner of Flam's entire compliance programme and will work hands-on in Scrut.io to drive ISO 27001:2022 and SOC 2 Type I certification within 3–4 months. This is a high-impact, high-visibility role at a company whose core product is AI — meaning you will be helping define what responsible AI security looks like in practice, not just checking boxes.

What You'll Own

ISO 27001 & SOC 2 Implementation

• Drive end-to-end implementation of ISO 27001:2022 across all 88 applicable Annex A controls and SOC 2 Trust Service Criteria, using Scrut.io as the single source of truth
• Own the Statement of Applicability (SoA), risk register, risk treatment plan, and all ISMS documentation
• Coordinate evidence collection across Engineering, DevOps, HR, Finance, and Sales — translating control requirements into actionable tasks for each team
• Manage th...
