Skip to content

IT Security & Compliance Lead

Wordsmith AIEdinburgh, SCT, UKJuly 11, 2026
Hybrid
Full-time
Security Engineering
Management

I.T Security, Privacy & AI Governance Lead

Edinburgh

Wordsmith

Wordsmith is building the AI-enabled command centre for in-house legal teams.

Our customers are some of the most demanding enterprise legal departments in the world, and they hold us to a high bar on how we secure our systems, devices, and infrastructure.

We're looking for someone to build the IT security function that keeps that trust intact as we scale.

The Role

Security, Privacy & AI Governance Leads make sure Wordsmith's systems, devices, and infrastructure stay secure as the company grows.

You'll build our IT security function from the ground up — covering device management, identity and access, infrastructure controls, and incident response — while also owning the compliance and AI governance work that keeps enterprise customers confident in how we operate.

It's a hands-on, build-it-yourself role. You'll choose the tooling, set the controls, and make sure security is baked into how the company operates day to day, not bolted on afterwards.

What You'll Do

IT Security & Device Management

  • Own device compliance and mobile device management (MDM) across the company, using tools like Jamf or Intune to keep endpoints secure and compliant.

  • Manage identity and access management (IAM) — provisioning, access reviews, and least-privilege controls — using tools like Okta.

  • Own infrastructure and cloud security controls across our environment (e.g. AWS), working closely with Engineering to keep systems hardened.

Security Operations & Incident Response

  • Lead security incident response — full lifecycle investigations, coordinating with internal teams and external partners (e.g. SOCaaS providers), and running post-incident reviews and tabletop exercises.

  • Operate and tune security monitoring and detection tooling (EDR, DLP, SIEM, or similar) to catch and respond to threats quickly.

Compliance & Certification

  • Own SOC 2 Type II and ISO 27001/27017/27018 end-to-end, from policy design through to audit evidence and the audits themselves.

  • Automate evidence collection to cut audit overhead and keep the program running without heavy manual effort.

AI Governance & Vendor Risk

  • Assess third-party vendors and AI tools for security and privacy risk before they're adopted, and put the right safeguards in place.

  • Support Wordsmith's AI governance program, including risk reviews tied to how AI is used across the product.

Customer & Deal Support

  • Partner with Sales, Customer Success, and Legal to support enterprise deals — security questionnaires, DPAs, and contract terms — without slowing the business down.

  • Manage our Trust Center, giving customers self-service access to our security and compliance documentation.

What we're looking for

Essential

  • Experience running IT security operations at a fast-growing SaaS company, including device management and identity and access management.

  • Hands-on experience with MDM platforms such as Jamf or Intune.

  • Hands-on experience with IAM tooling (e.g. Okta) and cloud infrastructure security (e.g. AWS).

  • Experience leading security incident response, from investigation through to post-incident review.

  • Working knowledge of SOC 2 and the ISO 27000 series.

  • Comfortable evaluating and operating security tooling such as EDR, DLP, or SIEM platforms.

  • A strong cross-functional operator, comfortable bridging IT, Security, Engineering, and GTM teams.

Valued

  • Exposure to privacy regulation (e.g. GDPR) and AI governance frameworks (e.g. ISO 42001).

  • Relevant certifications — e.g. CISSP/ISC2, CCSK, CIPP/E, or AIGP.

  • Experience in legal tech, AI, or another highly regulated SaaS environment.

  • Familiarity with tools such as Vanta, Crowdstrike, Zscaler, Datadog, or Whistic.

Why this role matters

The trust enterprise legal teams place in us depends on how well we secure our systems and devices — this role is central to that.

Your work will directly shape how the company handles security operations, device management, and infrastructure risk as we scale globally.

You will have the autonomy to build this function from scratch — this is a high-ownership role at a company moving fast.

What you can expect

The chance to build an IT security function from the ground up, with real ownership over how it's shaped.

Close collaboration with Engineering, Legal, and GTM in an environment where your work has visible, immediate impact.

How we work

We're an in-office team in Edinburgh. We work together because it helps us collaborate closely across product, engineering, and legal teams. You should expect to be in the office as your default.

This is a high ownership role. You'll be trusted to run projects, work directly with customers, and drive outcomes without heavy oversight.

Job Details

Experience

Management

Tools & Tech

AWS
CrowdStrike
Datadog
Intune
Jamf
Okta
Vanta
Zscaler

Preferred Certs

CIPP
CISSP