TL;DR
Information Security Specialist (AI/LegalTech): Shaping, driving, and scaling governance, risk, and compliance programs within an AI-native legal tech environment, with an emphasis on maintaining ISO 27001, SOC 2 Type II, and ISO 42001 compliance while enabling business agility. Focus on managing the Information Security Management System, conducting risk assessments, coordinating audits, and advising internal and external stakeholders on security risks, especially in modern tech stacks and AI workflows.
Location: Must be based in the United States due to US-specific benefits and legal requirements.
Salary: $170,000–$250,000 USD
Company
hirify.global is an AI-native legal tech company that is redefining legal work by empowering professionals with intelligent tools, and it is trusted by global firms in over 40 countries.
What you will do
- Own and maintain the Information Security Management System (ISMS) for ISO 27001 and ISO 42001.
- Lead compliance efforts for SOC 2 Type II and support SOX ITGC readiness, mapping processes and establishing IT controls.
- Develop and maintain information security policies aligned with GDPR, ISO 27001, SOC 2, and ISO 42001.
- Conduct regular risk assessments, threat modeling, and gap analyses to prioritize remediation.
- Coordinate internal/external audits and penetration tests, and manage vendor risk through security reviews.
- Act as primary contact for client security questionnaires and support secure AI governance.
Requirements
- 9+ years of experience in GRC, information security, compliance, or audit roles, or as an experienced software engineer transitioning to InfoSec.
- Hands-on experience implementing compliance programs for ISO 27001, SOC 2 Type II, SOX ITGC, NIST 800-53.
- Knowledge of governance frameworks, risk management, and data protection regulations (GDPR, CCPA, ISO 42001).
- Understanding of Zero Trust principles and OWASP Top 10 risks.
- Ability to engage with technical teams on cloud security (Azure), infrastructure-as-code, and AI system security.
- Strong analytical, organizational, and communication skills for technical and non-technical audiences.
- Work authorization in the United States is required.
Nice to have
- Certifications like CISSP, CISM, CISA, or ISO 27001 Lead Auditor.
- Experience with securing AI/ML workflows and building automation with GenAI tools (e.g., Zapier, n8n).
Culture & Benefits
- Comprehensive medical, dental, and vision plans (Aetna, Kaiser Permanente, MetLife, VSP Vision Care).
- Family support including generous parental leave, Maven Clinic, Dependent Care FSA, and One Medical membership.
- 401(K) with generous company match.
- Unlimited PTO and robust voluntary benefits including identity protection and legal coverage.
- Commitment to diversity, equity, and inclusion as an Equal Opportunity Employer.