Information Security Specialist

Information Security Specialist ABOUT US Legora is on a mission: to redefine how legal work gets done. From the very start we have been very clear about the fact that we are not building a solution for lawyers, we are building it with them, because it is the only way to make sure it gets done the right way; working side-by-side every step of the way. Our AI-native workspace empowers legal professionals not just to work faster - but to ask better questions, unlock new insights. Every day, we push the boundaries of legal tech to make complex processes smarter, faster, and more human. From thousands of documents analysed in minutes to intelligent workflows designed in collaboration with leading practices, we’re turning possibility into reality. Today we are trusted by global firms like Cleary Gottlieb, Goodwin, Bird & Bird and Linklaters in over 40 countries, but we have no plans on stopping here. We ship fast, we iterate effectively, and we scale rapidly - not by accident, but by design. When you join Legora, you become part of a team that believes "good enough" isn’t good enough and that the way to win is together, by empowering lawyers to do their best work with technology that truly understands them. If you’re excited by building from first principles, working with exceptional people, and accelerating change in a high-stakes, high-impact domain—then this is the moment and the place. WE’RE NOT JUST SHAPING THE FUTURE OF LEGAL TECH — WE’RE DEFINING IT. READY TO JOIN US IN BUILDING THE INTELLIGENT FUTURE OF LAW? The role At Legora, protecting our clients' highly sensitive legal data is fundamental to everything we do. We're building a security and compliance program designed for the AI era: Zero Trust architecture, rigorous governance, and continuous compliance as non-negotiables. We are expanding our security team with Information Security specialist to help shape, drive, and scale our governance, risk, and compliance programs. You will work at the intersection of policy, risk management, audit readiness, and cutting-edge technology to ensure we maintain ISO 27001, SOC 2 Type II, and ISO 42001 compliance while enabling the business to move fast. This is a hands-on, high-impact role where you'll manage our Information Security Management System (ISMS), conduct risk assessments, coordinate audits, and serve as a trusted advisor to both internal teams and external clients. Your strength will be your knowledge of the E2E processes of how our product is built. You will utilize this to treat security risks in a modern way that fits our modern tech stack. What you will be doing: - Own and maintain the ISMS in accordance with ISO 27001 and ISO 42001, ensuring all policies, procedures, and controls are documented, implemented, and continuously improved. - Lead the company's compliance efforts for SOC 2 Type II and support future SOX ITGC readiness, working closely with Finance and Engineering to map business processes and establish IT controls. - Develop, implement, and maintain information security policies, standards, and procedures that are lightweight, actionable, and aligned with regulatory frameworks including GDPR, ISO 27001, SOC 2, and ISO 42001. - Conduct regular risk assessments, threat modeling, and gap analyses to identify security risks and prioritize remediation efforts across the organization. - Coordinate internal and external audits, penetration tests, and compliance assessments — ensuring continuous audit readiness and managing remediation plans. - Manage vendor risk by conducting third-party security reviews, due diligence assessments, and ongoing vendor monitoring. - Be a primary point of contact for client security questionnaires, due diligence requests and contractual security commitments. - Support secure AI governance by defining policies and controls that protect data in AI workflows, prevent adversarial use, and ensure responsible AI practices aligned with ISO 42001. - Drive security awarenes ... (truncated, view full listing at source)