Introduction
About SymponyAI
At SymphonyAI, we are building the leading AI SaaS company for enterprise transformation across the most critical industry sectors. We provide focused AI applications designed to rapidly solve challenging business problems and deliver breakthrough insights, increasing operational efficiencies and growing revenue for customers.
Job Description
Role Overview
SymphonyAI is seeking a Security Assurance & ISMS Manager to play a key role in delivering our information security assurance, compliance, and customer assurance activities.
This is a hands‑on, delivery‑focused role responsible for operating the Information Security Management System (ISMS), executing SOC 2 and ISO/IEC 27001 audits, managing evidence, and supporting customer security due‑diligence and RFP activities.
The role works closely with a senior Governance, Risk & Assurance Manager and may deputise on operational matters when required. While not a strategic leadership role, it requires independence, judgement, and exceptional communication skills.
What You'll Do
ISMS & Compliance Operations
- Operate and maintain the organisation's ISMS
- Maintain policies, procedures, risk registers, Statements of Applicability (SoA), and related artefacts
- Track control ownership, review cycles, exceptions, and corrective actions
- Support internal audits and management reviews
Audit & Evidence Execution
- Lead evidence collection and organisation for SOC 2 and ISO/IEC 27001
- Work with engineering, IT, product, and business teams to obtain high‑quality, defensible evidence
- Manage routine auditor interactions, portals, and follow‑up questions
- Track audit findings through remediation and closure
Assurance & Automation Support
- Support the use of compliance automation and assurance tooling
- Bridge automated assurance outputs (dashboards, metrics, system evidence) with traditional audit requirements
- Ensure both automated and manual assurance processes are accurate, consistent, and audit‑ready
Customer Due‑Diligence & RFP Support
- Support customer security questionnaires, due‑diligence requests, and audits
- Provide security inputs for RFPs, RFIs, and pre‑sales activities, where required
- Ensure customer‑facing assurance responses are accurate, consistent, and aligned with audit scope and real operational practices
- Maintain reusable assurance content to reduce repetitive effort and improve response quality
Communication & Stakeholder Engagement
- Draft clear, professional written responses for auditors, customers, and internal stakeholders
- Explain security controls and assurance outcomes in plain, precise language
- Act as a reliable point of contact for routine assurance, ISMS, and customer security queries
- Maintain an exceptionally high standard of written and spoken English
Deputy Responsibilities
- Deputise for the Governance, Risk & Assurance Manager on defined operational matters, including:
- Audit coordination
- Evidence and ISMS oversight
- Routine customer and auditor engagement
What This Role Is Not
- Not a security engineering or SOC role
- Not responsible for designing or implementing technical controls
- Not accountable for setting security strategy or risk appetite
This role focuses on
execution, assurance quality, and credibility.
Essential
What We're Looking For
- 4-7 years experience in information security assurance, ISMS management, compliance, or audit support roles
- Strong working knowledge of ISO/IEC 27001 and SOC 2
- Practical experience supporting certification audits and managing evidence
- Experience responding to customer security questionnaires or due‑diligence requests
- Outstanding written and spoken English — clarity and precision are critical
- Strong organisational skills and attention to detail
Desirable
- Experience with compliance automation or GRC tooling
- SaaS, cloud, or regulated‑industry experience
- Exposure to customer‑facing or pre‑sales security activities
About Us
Why Join SymphonyAI
- Play a key role in strengthening security assurance and customer trust
- Work closely with senior security leadership
- Support audits and customer reviews without being trapped in a purely administrative role
- Be part of an organisation evolving toward continual security assurance
