InfoSec and Compliance Lead

Do you want to superpower engineering? We’re a team of scientists, engineers, and creative thinkers working to build AI systems that solve intractable problems. We have ambitious plans moving forward… it’s very exciting!

We are seeking an Information Security & Compliance Lead to autonomously own, run, and evolve Monolith’s information security strategy and practices. This role requires a balance of technical expertise, regulatory and compliance knowledge, and the ability to influence and educate colleagues across the organisation. The successful candidate will ensure that Monolith not only maintains compliance with current frameworks and legislation (e.g., GDPR, ISO27001) but also proactively aligns with emerging standards related to AI, cloud computing, and personal data.

This role sits at the intersection of business, policy, and technology, ensuring that information security supports our mission, protects our clients, and scales with our growth.

Location: Remote (Monolith HQ is headquartered in London, UK)
Reports To: Director of Operations

You'll be responsible for:

Information Security Ownership

• Act as the primary owner for information security within Monolith, maintaining policies, controls, and frameworks.
• Manage technical security across our cloud infrastructure, ensuring best practices for access, monitoring, and data protection.

Compliance & Governance

• Lead in-house ISO27001 compliance programme, including audits, documentation, and certification renewal.
• Ensure GDPR compliance across technical systems, business operations, and supplier relationships.
• Research, evaluate, and apply relevant standards and regulations affecting AI, cloud computing, and personal data.

Supplier & Vendor Security Management

• Establish and maintain a vendor risk management programme, including due diligence, contract reviews, and ongoing monitoring.

Education & Culture

• Build a security-first culture by educating employees on security best practices, awareness, and compliance obligations.
• Engage and influence senior leadership to embed information security into business decision-making.

Continuous Improvement

• Stay ahead of evolving threats, regulations, and industry standards to ensure Monolith remains compliant and competitive.
• Recommend and implement security tooling, automation, and monitoring improvements.

A bit about you:

Requirements:

• 4-7 years of experience in information security, compliance, or related roles
• Hands-on experience with ISO27001 compliance (audits, certification, renewals)
• Strong knowledge of GDPR requirements across technical and business operations
• Solid understanding of cloud infrastructure security (AWS, Azure, or GCP)
• Experience with supplier/vendor risk management
• Excellent communication skills with the ability to educate colleagues and influence senior leaders
• Proactive, analytical, and comfortable working autonomously

Nice to have:

• ISO27001 Lead Implementer or Auditor certification
• Professional security certifications (e.g., CISSP, CISM, CCSK).
• Data protection certification (CIPP/E, CIPM)

What We Offer

At Monolith, you’ll join a fast-growing AI scale-up where security and compliance are critical to our success. We offer competitive compensation, flexible working arrangements, and a culture that values autonomy, trust, and collaboration. You’ll have the freedom to shape our information security approach end-to-end, access to personal development and certification support, and the opportunity to make a tangible impact on how AI and cloud technologies are adopted securely across industries.

This role is perfect for someone who thrives on ownership and impact — a security professional who enjoys working hands-on while also shaping business-wide practices. It’s ideal for a candidate with strong knowledge of ISO27001, GDPR, and cloud security who wants to step beyond a purely technical role and influence at a company-wide level. If you’re excited by the chance to be both the guardian and educator of security within a high-growth AI company, and want to future-proof compliance against emerging AI and data standards, this role is for you.