Salary: Dependent on Experience
Location: Flexible: Reigate or Manchester area
Job type: Full time
Working Pattern: 2 days per week onsite | 4.5 day working week (Half day Fridays)
About Infinity
We are building the next generation of call intelligence and AI-driven insight platforms. Over the next three years, our focus is on evolving from a strong analytics foundation into an outcome-driven, API-first platform that embeds intelligence directly into customer workflows.
This is an opportunity to join us at a pivotal stage. You’ll help shape both how we build and what we build, working on systems that process high-volume, high-value data and increasingly leverage AI and automation to deliver measurable customer and business outcomes.
We value pragmatic engineering, clear thinking, and continuous learning. Our teams are small, autonomous, and outcome-focused, with a strong emphasis on quality, ownership, and collaboration.
We are entering our next growth phase - investing in AI-powered platform scalability, operational excellence and maturity, and cost-efficient growth to support our long‑term strategy and enterprise ambitions.
The Role
ISMS Management & Continual Improvement
- Own the day-to-day operation and maintenance of Infinity’s Information Security Management System (ISMS), ensuring documentation remains current, accurate, and audit-ready as the organisation evolves
- Conduct a structured review of Infinity’s compliance posture against ISO 27001:2022, building on our existing certification to ensure controls remain robust, current, and continuously improving – this is the immediate foundation the role builds from
- Maintain and evolve the risk register, asset register, and control framework – ensuring they reflect the real state of the organisation and are not treated as point-in-time artefacts
- Drive the internal audit programme and coordinate external certification audits, acting as the primary point of contact for our certification body
- Ensure policies, procedures, and supporting documentation remain fit for purpose as the organisation evolves – particularly as AI platform capability and agentic delivery practices mature
PCI‑DSS & Regulatory Compliance
- Own operational compliance with PCI‑DSS v4.0.1 – coordinating evidence, managing the relationship with our QSA, and ensuring controls remain effective between audit cycles
- Maintain working knowledge of GDPR and ICO obligations as they apply to Infinity’s data practices – flagging risks, supporting Data Protection Impact Assessments, and ensuring compliance considerations are embedded in product and platform decisions
- Monitor the evolving regulatory landscape – including NIS2 and future SOC 2 scope – and maintain a clear view of what Infinity will need to do to meet emerging obligations, surfacing priorities to the CTO in good time
Security Operations & Assurance
- Partner with the Head of DevOps to drive Infinity’s move toward continuous penetration testing – coordinating the programme with our pen testing partner Aikido, managing remediation tracking, and ensuring findings are addressed and evidenced systematically
- Own the InfoSec request process – responding to client and prospect security questionnaires, due diligence requests, and vendor assessments with accuracy and confidence, and building a reusable library that reduces the overhead over time
- Maintain oversight of security tooling and controls – working with DevOps on vulnerability management, access controls, and security scanning – ensuring the technical controls that underpin certification are operating as intended
- Support incident response processes – maintaining the incident response plan, coordinating tabletop exercises, and ensuring the organisation is prepared to respond effectively when it matters
Reporting & Visibility
- Produce regular security and compliance reporting for the CTO and senior leadership – giving clear, evidence-based visibility of Infinity’s posture, open risks, and progress against remediation plans
- Build and maintain the metrics and dashboards that make security posture visible and meaningful – not just for internal governance but for external audiences including clients, auditors, and prospective enterprise customers
- Represent Infinity’s security and compliance credentials credibly in commercial conversations – supporting Sales and Customer Success with the evidence and context they need to close enterprise deals and retain clients where security posture is a factor
AI Governance & Emerging Obligations
- Partner with the Head of AI Platform & Applied Intelligence on AI governance requirements – ensuring that as Infinity’s AI capability grows, the governance framework keeps pace with obligations under ISO/IEC 42001 and emerging AI-specific compliance expectations
- Ensure security and compliance considerations are embedded in the design of new AI features and platform capabilities from the outset – not retrofitted after the fact
AI-Augmented Security & Compliance
- Actively adopt and champion the use of AI tooling to improve the efficiency and effectiveness of security and compliance operations – from automating evidence collection and policy maintenance to accelerating InfoSec questionnaire responses and monitoring for emerging risks
- Stay current with how AI is reshaping the compliance and security landscape – both as a capability Infinity can use to strengthen its posture and as a development that compliance frameworks themselves are increasingly having to address
About You – Essential
Solid working knowledge of ISO 27001 – ideally including hands‑on experience maintaining an ISMS, preparing for certification audits, and managing the continual improvement cycle
Practical understanding of PCI‑DSS and GDPR as they apply in a B2B SaaS context – not just conceptual familiarity but experience translating obligations into controls and evidence
A detail‑oriented, ownership-driven approach – this role requires someone who takes personal responsibility for accuracy, completeness, and follow-through, without needing to be managed into it
Strong written communication skills – the ability to produce clear, well-structured policies, reports, and InfoSec responses that serve different audiences effectively
The organisational capability to maintain multiple workstreams simultaneously – audit cycles, client requests, remediation tracking, policy maintenance – without losing grip on any of them
Comfortable working as an individual contributor with broad organisational reach – influencing without authority and building credibility through knowledge and consistency
Highly Desirable
- Experience responding to enterprise InfoSec questionnaires and supporting security due diligence processes in a commercial context
- Familiarity with continuous penetration testing approaches and programmes – coordinating testing cycles, interpreting findings, and managing remediation through to evidence
- Working knowledge of NIS2 and SOC 2 – understanding of what they require and what preparation looks like, even without direct certification experience
- Exposure to AI governance frameworks, including ISO/IEC 42001, or an active interest in developing that knowledge as Infinity’s AI capability grows
- Experience working within a cloud-native environment – understanding how AWS infrastructure, serverless architecture, and SaaS delivery models interact with security and compliance obligations
- Relevant professional qualifications – CISSP, CISM, ISO 27001 Lead Auditor or Implementer, or equivalent
Benefits You Can Enjoy
- 4.5 day working week (Half day every Friday – 1pm finish)
- 25 days holiday (with the option to buy up to an additional 5 days per year)
- Private single medical insurance
- Employee Assistance Programme
- Life Assurance (4x Salary)
- Enhanced Maternity and Paternity Pay
- Tech Scheme Loan (of up to £2,000 per year)
- Ride to Work Scheme
- Season Ticket Loan
- Dedicated annual company and team social budget
At Infinity, our aim is to be the best call tracking provider in the world and to do that we welcome our employees with open arms and create an environment where you can bring your best self, every day! We're an equal opportunities employer. That means we'll never discriminate based on race, religion, origin, gender expression, sexual orientation, age, marital status, social economics status or disability status. In fact, our recruitment process is completely anonymised, and we don't see any of your personal details when we review your application.
At Infinity, we don't treat our hiring process as a box-ticking exercise and we're just as interested in team fit as we are technical fit. So, even if you don't meet all the requirements listed in one of our vacancies, get in touch with us anyway because we'd love to hear from you
#J-18808-Ljbffr