Security Assurance Lead

Introduction:

Role Overview

SymphonyAI is seeking a Security Assurance & ISMS Manager to play a key role in delivering our information security assurance, compliance, and customer assurance activities.

This is a hands‑on, delivery‑focused role responsible for operating the Information Security Management System (ISMS), executing SOC 2 and ISO/IEC 27001 audits, managing evidence, and supporting customer security due‑diligence and RFP activities.

The role works closely with a senior Governance, Risk & Assurance Manager and may deputise on operational matters when required. While not a strategic leadership role, it requires independence, judgement, and exceptional communication skills.

Job Description:

What You’ll Do

• Operate and maintain the organisation’s ISMS
• Maintain policies, procedures, risk registers, Statements of Applicability (SoA), and related artefacts
• Track control ownership, review cycles, exceptions, and corrective actions
• Support internal audits and management reviews

• Lead evidence collection and organisation for SOC 2 and ISO/IEC 27001
• Work with engineering, IT, product, and business teams to obtain high‑quality, defensible evidence
• Manage routine auditor interactions, portals, and follow‑up questions
• Track audit findings through remediation and closure

• Support the use of compliance automation and assurance tooling
• Bridge automated assurance outputs (dashboards, metrics, system evidence) with traditional audit requirements
• Ensure both automated and manual assurance processes are accurate, consistent, and audit‑ready

• Support customer security questionnaires, due‑diligence requests, and audits
• Provide security inputs for RFPs, RFIs, and pre‑sales activities, where required
• Ensure customer‑facing assurance responses are accurate, consistent, and aligned with audit scope and real operational practices
• Maintain reusable assurance content to reduce repetitive effort and improve response quality

• Draft clear, professional written responses for auditors, customers, and internal stakeholders
• Explain security controls and assurance outcomes in plain, precise language
• Act as a reliable point of contact for routine assurance, ISMS, and customer security queries
• Maintain an exceptionally high standard of written and spoken English

• Deputise for the Governance, Risk & Assurance Manager on defined operational matters, including:
• Audit coordination
• Evidence and ISMS oversight
• Routine customer and auditor engagement

• Not a security engineering or SOC role
• Not responsible for designing or implementing technical controls
• Not accountable for setting security strategy or risk appetite

This role focuses on execution, assurance quality, and credibility.

What We’re Looking For

• 4–7 years’ experience in information security assurance, ISMS management, compliance, or audit support roles
• Strong working knowledge of ISO/IEC 27001 and SOC 2
• Practical experience supporting certification audits and managing evidence
• Experience responding to customer security questionnaires or due‑diligence requests
• Outstanding written and spoken English — clarity and precision are critical
• Strong organisational skills and attention to detail

• Experience with compliance automation or GRC tooling
• SaaS, cloud, or regulated‑industry experience
• Exposure to customer‑facing or pre‑sales security activities

About Us:

• Play a key role in strengthening security assurance and customer trust
• Work closely with senior security leadership
• Support audits and customer reviews without being trapped in a purely administrative role
• Be part of an organisation evolving toward continual security assurance