Information Security and Compliance Lead
Negotiable
Location:
Remote (Monolith HQ is headquartered in London, UK)Reports To:
Director of OperationsOverview
We are seeking an
Information Security and Compliance Lead
to autonomously own, run, and evolve Monolith’s information security strategy and practices. This role requires a balance of technical expertise, regulatory and compliance knowledge, and the ability to influence and educate colleagues across the organisation. The successful candidate will ensure that Monolith not only maintains compliance with current frameworks and legislation (e.g., GDPR, ISO27001) but also proactively aligns with emerging standards related to AI, cloud computing, and personal data. This role sits at the intersection of business, policy, and technology, ensuring that information security supports our mission, protects our clients, and scales with our growth.Responsibilities
Information Security Ownership
Act as the primary owner for information security within Monolith, maintaining policies, controls, and frameworks.Manage technical security across our cloud infrastructure, ensuring best practices for access, monitoring, and data protection.
Compliance and Governance
Lead in-house ISO27001 compliance programme, including audits, documentation, and certification renewal.Ensure GDPR compliance across technical systems, business operations, and supplier relationships.Research, evaluate, and apply relevant standards and regulations affecting AI, cloud computing, and personal data.
Supplier and Vendor Security Management
Establish and maintain a vendor risk management programme, including due diligence, contract reviews, and ongoing monitoring.
Education and Culture
Build a security-first culture by educating employees on security best practices, awareness, and compliance obligations.Engage and influence senior leadership to embed information security into business decision-making.
Continuous Improvement
Stay ahead of evolving threats, regulations, and industry standards to ensure Monolith remains compliant and competitive.Recommend and implement security tooling, automation, and monitoring improvements.
Qualifications
Requirements:
4-7 years of experience in information security, compliance, or related rolesHands-on experience with ISO27001 compliance (audits, certification, renewals)Strong knowledge of GDPR requirements across technical and business operationsSolid understanding of cloud infrastructure security (AWS, Azure, or GCP)Experience with supplier/vendor risk managementExcellent communication skills with the ability to educate colleagues and influence senior leadersProactive, analytical, and comfortable working autonomously
Nice to have:
ISO27001 Lead Implementer or Auditor certificationProfessional security certifications (e.g., CISSP, CISM, CCSK)Data protection certification (CIPP/E, CIPM)
What We Offer
At Monolith, you’ll join a fast-growing AI scale-up where security and compliance are critical to our success. We offer competitive compensation, flexible working arrangements, and a culture that values autonomy, trust, and collaboration. You’ll have the freedom to shape our information security approach end-to-end, access to personal development and certification support, and the opportunity to make a tangible impact on how AI and cloud technologies are adopted securely across industries.This role is perfect for someone who thrives on ownership and impact — a security professional who enjoys working hands-on while also shaping business-wide practices. It’s ideal for a candidate with strong knowledge of ISO27001, GDPR, and cloud security who wants to step beyond a purely technical role and influence at a company-wide level. If you’re excited by the chance to be both the
guardian and educator
of security within a high-growth AI company, and want to future-proof compliance against emerging AI and data standards, this role is for ..... full job details .....
Negotiable