ISO 27001 Lead Auditor - Security and Compliance Manager
Elevate is recruiting a Security and Compliance Manager to join our high-performing team.
The Security and Compliance Manager is a dedicated Governance, Risk, and Compliance (GRC) role responsible for maintaining the organization's security posture through the development, execution, and continuous improvement of security policies, audit programs, and risk management processes. This role is essential for achieving and maintaining key regulatory and security certifications, such as ISO 27001, SOC 2, and HIPAA, and for addressing customer information requests.
Specifically, the Security and Compliance Manager will:
Compliance and Certification Management
- ISO 27001 Program Lead: Own and manage the Information Security Management System (ISMS) in accordance with the ISO 27001 standard. This includes coordinating all stages of internal and external audits.
- Audit Execution: Plan, lead, and report on internal security and compliance audits to identify control weaknesses and ensure audit readiness for external assessments (e.g., ISO 27001, SOC 2, HIPAA).
- Remediation Tracking: Manage the closure of findings (Non-Conformities) identified during audits, working with engineering and operations teams to implement corrective actions.
- Policy Management: Develop, write, and maintain a comprehensive suite of security policies, standards, and procedures to enforce compliance across the organization.
- Training & Awareness: Create and deliver security awareness and compliance training programs to ensure all employees understand their security responsibilities.
- Contract Review: Assist Legal and Procurement teams by reviewing security clauses in vendor contracts and customer agreements to ensure alignment with internal policies.
- Customer-Facing Responsibilities: Respond to customers' requests for information in a clear manner that accurately reflects Elevate's security and privacy practices.
- Risk Assessment: Lead regular, formal risk assessment activities, maintaining the risk register, and tracking residual risks to acceptable levels.
- Vulnerability Management Integration: Work with security operations to ensure identified vulnerabilities and threats are correctly incorporated into the organizational risk profile.
- Reporting: Prepare and present regular reports on the compliance status, key risks, and audit progress to senior leadership and management.
- 10+ years of experience in Information Security, with at least 5 years focused on GRC, compliance, and auditing.
- Has experience leading ISO 27001 certification and audit cycles for at least 5 years.
- Excellent technical writing skills in policy and procedure development, and significant experience in customer-facing communications.
- Working knowledge of common security frameworks (e.g., SOC 2, NIST CSF).
- Working knowledge of SOC 2 and HIPAA is a plus
- Bachelor's degree in Computer Science/Information Technology
- Mandatory: ISO 27001 Lead Auditor certification
Company Information
Elevate is a law company. We provide software and services for the intersection of business and law. Our legal, business, and technology professionals offer practical ways for global law departments and law firms to improve efficiency, quality, and business outcomes.
Our most recent achievements and distinctions include:
- Certified as one of the UK's Best Workplaces® for Development 2025 by Great Place to Work®
- Certified as a Great Place to Work® 2025 in the US, UK, India, and Philippines
- For the tenth consecutive year, in 2025, Chambers & Partners named Elevate as a Top global services provider, ranking us as Band 1 (highest ranking) in all applicable categories (Contract Lifecycle Management, Litigation Services, and Flexible Legal Staffing) and as an Alternative Legal Service Provider in Asia-Pacific
- Newsweek named Elevate one of 'America's Greatest Workplaces in Professional Services' for 2025 and previously awarded it the highest rating in the 'America's Greatest Workplaces for Diversity' and 'America's Greatest Workplaces for 2024' lists
- For the fourth year in a row, Elevate's integrated law firm is designated as a top law firm in Commercial Litigation in the 2024 edition of Best Lawyers/US News & World Report Best Law Firms
- Elevate named a top ALSP in Asia by Thomson Reuters' Asian Legal Business in 2024
- Winner, Inc. 5000 Fastest-Growing Private Companies: 2022, 2021, 2020, 2018, 2017, and 2016
See more jobs at https://elevate.law/careers/
Follow us on social media https://www.linkedin.com/company/elevate-services
Follow our Flexible Legal Resourcing Community https://www.linkedin.com/company/elevate-flexible-legal-resourcing/