Lead - Governance, Risk & Compliance

Role

We are building our information security function from the ground up. As our first Information Security Manager / GRC Lead, you will be the operational owner of Flam‘s entire compliance programme and working hands-on in Scrut.io to drive ISO 27001:2022 and SOC 2 Type I certification within 3–4 months. This is a high-impact, high-visibility role at a company whose core product is AI — meaning you will be helping define what responsible AI security looks like in practice, not just checking boxes.

What You‘ll Own

ISO 27001 & SOC 2 Implementation

• Drive end-to-end implementation of ISO 27001:2022 across all 88 applicable Annex A controls and SOC 2 Trust Service Criteria, using Scrut.io as the single source of truth

• Own the Statement of Applicability (SoA), risk register, risk treatment plan, and all ISMS documentation

• Coordinate evidence collection across Engineering, ...