Wordsmith
IT Security & Compliance Lead
New
EuropeLeadRemotejamfintuneoktaaws
Lead the IT security function focusing on device management, identity and access, infrastructure controls, and compliance at Wordsmith.
Responsibilities
- Security, Privacy & AI Governance Leads make sure Wordsmith's systems, devices, and infrastructure stay secure as the company grows.
- You'll build our IT security function from the ground up — covering device management, identity and access, infrastructure controls, and incident response — while also owning the compliance and AI governance work that keeps enterprise customers confident in how we operate.
- It's a hands-on, build-it-yourself role. You'll choose the tooling, set the controls, and make sure security is baked into how the company operates day to day, not bolted on afterwards.
Other
- Wordsmith is building the AI-enabled command centre for in-house legal teams.
- Our customers are some of the most demanding enterprise legal departments in the world, and they hold us to a high bar on how we secure our systems, devices, and infrastructure.
- We're looking for someone to build the IT security function that keeps that trust intact as we scale.
- Own device compliance and mobile device management (MDM) across the company, using tools like Jamf or Intune to keep endpoints secure and compliant.
- Manage identity and access management (IAM) — provisioning, access reviews, and least-privilege controls — using tools like Okta.
- Own infrastructure and cloud security controls across our environment (e.g. AWS), working closely with Engineering to keep systems hardened.
- Lead security incident response — full lifecycle investigations, coordinating with internal teams and external partners (e.g. SOCaaS providers), and running post-incident reviews and tabletop exercises.
- Operate and tune security monitoring and detection tooling (EDR, DLP, SIEM, or similar) to catch and respond to threats quickly.
- Own SOC 2 Type II and ISO 27001/27017/27018 end-to-end, from policy design through to audit evidence and the audits themselves.
- Automate evidence collection to cut audit overhead and keep the program running without heavy manual effort.
- Assess third-party vendors and AI tools for security and privacy risk before they're adopted, and put the right safeguards in place.
- Support Wordsmith's AI governance program, including risk reviews tied to how AI is used across the product.
- Partner with Sales, Customer Success, and Legal to support enterprise deals — security questionnaires, DPAs, and contract terms — without slowing the business down.
- Manage our Trust Center, giving customers self-service access to our security and compliance documentation.
- Experience running IT security operations at a fast-growing SaaS company, including device management and identity and access management.
- Hands-on experience with MDM platforms such as Jamf or Intune.
- Hands-on experience with IAM tooling (e.g. Okta) and cloud infrastructure security (e.g. AWS).
- Experience leading security incident response, from investigation through to post-incident review.
- Working knowledge of SOC 2 and the ISO 27000 series.
- Comfortable evaluating and operating security tooling such as EDR, DLP, or SIEM platforms.
- A strong cross-functional operator, comfortable bridging IT, Security, Engineering, and GTM teams.
- Exposure to privacy regulation (e.g. GDPR) and AI governance frameworks (e.g. ISO 42001).
- Relevant certifications — e.g. CISSP/ISC2, CCSK, CIPP/E, or AIGP.
- Experience in legal tech, AI, or another highly regulated SaaS environment.
- Familiarity with tools such as Vanta, Crowdstrike, Zscaler, Datadog, or Whistic.
- The trust enterprise legal teams place in us depends on how well we secure our systems and devices — this role is central to that.
- Your work will directly shape how the company handles security operations, device management, and infrastructure risk as we scale globally.
- You will have the autonomy to build this function from scratch — this is a high-ownership role at a company moving fast.
- The chance to build an IT security function from the ground up, with real ownership over how it's shaped.
- Close collaboration with Engineering, Legal, and GTM in an environment where your work has visible, immediate impact.
- We're an in-office team in Edinburgh. We work together because it helps us collaborate closely across product, engineering, and legal teams. You should expect to be in the office as your default.
- This is a high ownership role. You'll be trusted to run projects, work directly with customers, and drive outcomes without heavy oversight.