Information Security Engineer

We are seeking a proactive and detail-oriented Information Security Engineer to own and operate our information security program. This is a critical hybrid role responsible for maintaining our security and compliance posture across multiple frameworks (ISO 27001, ISO 27017, SOC 2) while also managing and implementing the technical security controls that protect our business and customers.

You will be the central point of contact for all things security, working closely with stakeholders across Engineering, Product, and Operations to ensure our systems are secure, our controls are effective, and we are always prepared for audits.

Key Responsibilities

• Compliance & Governance:

• Own, maintain, and continually improve our Information Security Management System (ISMS) to ensure compliance with ISO 27001, ISO 27017, and SOC 2 standards.

• Manage the annual audit cycle, liaising with external auditors and internal teams to ensure a smooth and successful outcome.
• Maintain key security artefacts, including the risk register, asset inventory, and access control records, by collaborating with stakeholders across the business.

• Respond to customer and prospect security questionnaires (RFIs/RFPs), effectively communicating our security posture.

• Security Operations & Engineering:

• Implement, configure, and manage key security systems, including email filtering, Microsoft 365 Defender, endpoint protection, and vulnerability scanning tools.

• Coordinate and manage third-party penetration testing, and track remediation of identified vulnerabilities with the engineering teams.

• Assess and drive the implementation of technical security controls and best practices (e.g., DKIM/DMARC, MFA, secure configuration).

• Risk & Awareness:

• Identify, assess, and document new information security risks, and propose effective mitigation strategies.

• Promote a culture of security awareness throughout the company by running phishing simulations and managing our security training program via our Learning Management System (LMS).
• Act as the subject matter expert on information security, providing guidance and support to all employees.

What We're Looking For

• Essential Experience:

• Proven experience in a security role with direct responsibility for managing or contributing to an ISMS under ISO 27001 and/or SOC 2 frameworks.

• Hands-on experience implementing and managing security tools and technologies.
• Strong understanding of risk assessment methodologies and experience maintaining a risk register.
• Excellent communication and stakeholder management skills, with the ability to translate technical concepts for non-technical audiences.
• Experience coordinating security audits and interacting with external auditors.

• A solid grasp of core security domains: network security, application security, cloud security (AWS/Azure/GCP), and identity & access management.

• Desirable Skills:

• Relevant industry certifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer/Auditor).

• Experience with security in a cloud-native environment.
• Familiarity with data protection regulations such as GDPR.

Why Join Us?

Build your career at Solidatus:

• Make an impact: Your work directly empowers global organisations by making data flows understandable. See your code make a difference quickly in our agile setup.
• Own and innovate: Tackle challenging data lineage and integration problems with freedom. Explore new tech, make architectural decisions, and shape our product, including working with our evolving AI capabilities and using AI tools. We encourage innovation through R&D time and hackathons.
• Grow your career: We are a rapidly scaling company offering significant development opportunities, mentorship, and leadership roles.
• Vibrant, collaborative culture: Join a passionate, high-impact global team. Your voice is heard, expertise valued, and we regularly share progress and insights.

If you love solving complex data lineage challenges, thrive on technical ownership, and want to make your mark in a growing company understanding data flows, we want to hear from you