Role Overview
SymphonyAI is seeking a Security Assurance & ISMS Manager to play a key role in delivering our information security assurance, compliance, and customer assurance activities.
This is a hands‑on, delivery‑focused role responsible for operating the Information Security Management System (ISMS), executing SOC 2 and ISO/IEC 27001 audits, managing evidence, and supporting customer security due‑diligence and RFP activities.
The role works closely with a senior Governance, Risk & Assurance Manager and may deputise on operational matters when required. While not a strategic leadership role, it requires independence, judgement, and exceptional communication skills.
Job Description
What You’ll Do
ISMS & Compliance Operations
- Operate and maintain the organisation’s ISMS
- Maintain policies, procedures, risk registers, Statements of Applicability (SoA), and related artefacts
- Track control ownership, review cycles, exceptions, and corrective actions
- Support internal audits and management reviews
Audit & Evidence Execution
- Lead evidence collection and organisation for SOC 2 and ISO/IEC 27001
- Work with engineering, IT, product, and business teams to obtain high‑quality, defensible evidence
- Manage routine auditor interactions, portals, and follow‑up questions
- Track audit findings through remediation and closure
Assurance & Automation Support
- Support the use of compliance automation and assurance tooling
- Bridge automated assurance outputs (dashboards, metrics, system evidence) with traditional audit requirements
- Ensure both automated and manual assurance processes are accurate, consistent, and audit‑ready
Customer Due‑Diligence & RFP Support
- Support customer security questionnaires, due‑diligence requests, and audits
- Provide security inputs for RFPs, RFIs, and pre‑sales activities, where required
- Ensure customer‑facing assurance responses are accurate, consistent, and aligned with audit scope and real operational practices
- Maintain reusable assurance content to reduce repetitive effort and improve response quality
Communication & Stakeholder Engagement
- Draft clear, professional written responses for auditors, customers, and internal stakeholders
- Explain security controls and assurance outcomes in plain, precise language
- Act as a reliable point of contact for routine assurance, ISMS, and customer security queries
- Maintain an exceptionally high standard of written and spoken English
Deputy Responsibilities
- Deputise for the Governance, Risk & Assurance Manager on defined operational matters, including:
  - Audit coordination
  - Evidence and ISMS oversight
  - Routine customer and auditor engagement
What This Role Is Not
- Not a security engineering or SOC role
- Not responsible for designing or implementing technical controls
- Not accountable for setting security strategy or risk appetite
This role focuses on execution, assurance quality, and credibility.
What We’re Looking For
Essential
- 4–7 years’ experience in information security assurance, ISMS management, compliance, or audit support roles
- Strong working knowledge of ISO/IEC 27001 and SOC 2
- Practical experience supporting certification audits and managing evidence
- Experience responding to customer security questionnaires or due‑diligence requests
- Outstanding written and spoken English — clarity and precision are critical
- Strong organisational skills and attention to detail
Desirable
- Experience with compliance automation or GRC tooling
- SaaS, cloud, or regulated‑industry experience
- Exposure to customer‑facing or pre‑sales security activities
About Us
Why Join SymphonyAI
- Play a key role in strengthening security assurance and customer trust
- Work closely with senior security leadership
- Support audits and customer reviews without being trapped in a purely administrative role
- Be part of an organisation evolving toward continual security assurance