Information Security Manager
Introduction:
About SymphonyAI
SymphonyAI is at the forefront of enterprise AI solutions, delivering cutting-edge technology that fosters transformative outcomes for businesses. Our expertise in advanced AI and data analytics empowers organizations across a wide range of industries.The Customer Insights Professional Services team at SymphonyAI is committed to aiding clients in leveraging data integration, analytics, and insights to attain their strategic objectives. We collaborate intimately with our clients to provide solutions that enhance decision-making processes and drive business success.
Job Description:
Role Overview
SymphonyAI is seeking a Governance, Risk and Assurance Manager to play a key role in maturing our information security governance and assurance capabilities.
This is a transformational role. You will be accountable for running our SOC 2 and ISO/IEC 27001 compliance programmes today, while driving a strategic shift toward continuous, risk‑based security assurance that provides leadership and customers with real confidence in our security posture.
The role focuses on assurance and control effectiveness, not control implementation. You will work closely with engineering, security operations, and product teams across a federated organisation, helping us scale securely without slowing innovation.
What You’ll Do
Assurance & Risk (Primary Focus)- Build and operate an assurance‑led security governance model, aligned to SOC 2, ISO/IEC 27001, and industry best practice.
- Provide ongoing assurance that security controls are effective in practice, not just documented.
- Define and report on security risk and control effectiveness metrics for leadership and stakeholders.
- Own and maintain the information security risk management process, supporting informed, risk‑based decision‑making.
- Own and run SymphonyAI’s SOC 2 and ISO/IEC 27001 programmes, including audit planning, evidence management, auditor engagement, and remediation tracking.
- Ensure audits are delivered efficiently and predictably, with minimal disruption to delivery teams.
- Progressively reduce manual, audit‑specific evidence collection by leveraging assurance artefacts, metrics, and operational evidence.
- Support customer security reviews and due‑diligence requests with clear, consistent assurance narratives.
- Act as a trusted advisor to engineering, product, and divisional leadership teams.
- Promote a culture of transparency, learning, and continual improvement in security governance.
- Help evolve the organisation from audit‑driven compliance to continuous assurance.
- Not a security engineering or operations role
- Not a policy‑only or audit‑administration role
- Not responsible for implementing technical controls
Independence from implementation is key to the credibility of the assurance function.
What We’re Looking For
Essential- 7+ years’ experience in information security governance, risk, assurance, or compliance roles
- Strong working knowledge of SOC 2 and ISO/IEC 27001
- Experience running audits while improving underlying assurance maturity
- Ability to communicate security risk and assurance clearly to senior stakeholders
- Experience working in complex, multi‑team or federated environments
- SaaS or cloud‑native security experience
- Familiarity with compliance automation or continuous assurance tooling
- Experience supporting customer security reviews and audits
About Us:
Why Join Us
You’ll have the opportunity to:
- Shape how security assurance is delivered across a growing, global organisation
- Reduce audit fatigue by building sustainable assurance capabilities
- Influence security outcomes without owning day‑to‑day operations
- Play a visible role in strengthening customer and executive trust