Security, Compliance & Assurance Manager
We're hard-working, enthusiastic and fun! Are you interested in a new challenge? Do you want to join a meaningful mission? If so read on!
Salary: Dependent on Experience
Location: Flexible: Reigate or Manchester area
Job type: Full time
Working Pattern: 2 days per week onsite | 4.5 day working week (Half day Fridays)
About Infinity
We are building the next generation of call intelligence and AI-driven insight platforms. Over the next three years, our focus is on evolving from a strong analytics foundation into an outcome-driven, API-first platform that embeds intelligence directly into customer workflows.
This is an opportunity to join us at a pivotal stage. You’ll help shape both how we build and what we build, working on systems that process high-volume, high-value data and increasingly leverage AI and automation to deliver measurable customer and business outcomes.
We value pragmatic engineering, clear thinking, and continuous learning. Our teams are small, autonomous, and outcome-focused, with a strong emphasis on quality, ownership, and collaboration.
We are entering our next growth phase - investing in AI-powered platform scalability, operational excellence and maturity, and cost-efficient growth to support our long-term strategy and enterprise ambitions.
The Role
ISMS Management & Continual Improvement
Own the day-to-day operation and maintenance of Infinity’s Information Security Management System (ISMS), ensuring documentation remains current, accurate, and audit-ready as the organisation evolves
Conduct a structured review of Infinity’s compliance posture against ISO 27001:2022, building on our existing certification to ensure controls remain robust, current, and continuously improving - this is the immediate foundation the role builds from
Maintain and evolve the risk register, asset register, and control framework - ensuring they reflect the real state of the organisation and are not treated as point-in-time artefacts
Drive the internal audit programme and coordinate external certification audits, acting as the primary point of contact for our certification body
Ensure policies, procedures, and supporting documentation remain fit for purpose as the organisation evolves - particularly as AI platform capability and agentic delivery practices mature
PCI-DSS & Regulatory Compliance
Own operational compliance with PCI-DSS v4.0.1 - coordinating evidence, managing the relationship with our QSA, and ensuring controls remain effective between audit cycles
Maintain working knowledge of GDPR and ICO obligations as they apply to Infinity’s data practices - flagging risks, supporting Data Protection Impact Assessments, and ensuring compliance considerations are embedded in product and platform decisions
Monitor the evolving regulatory landscape - including NIS2 and future SOC 2 scope - and maintain a clear view of what Infinity will need to do to meet emerging obligations, surfacing priorities to the CTO in good time
Security Operations & Assurance
Partner with the Head of DevOps to drive Infinity’s move toward continuous penetration testing - coordinating the programme with our pen testing partner Aikido, managing remediation tracking, and ensuring findings are addressed and evidenced systematically
Own the InfoSec request process - responding to client and prospect security questionnaires, due diligence requests, and vendor assessments with accuracy and confidence, and building a reusable library that reduces the overhead over time
Maintain oversight of security tooling and controls - working with DevOps on vulnerability management, access controls, and security scanning - ensuring the technical controls that underpin certification are operating as intended
Support incident response processes - maintaining the incident response plan, coordinating tabletop exercises, and ensuring the organisation is prepared to respond effectively when it matters
Reporting & Visibility
Produce regular security and compliance reporting for the CTO and senior leadership - giving clear, evidence-based visibility of Infinity’s posture, open risks, and progress against remediation plans
Build and maintain the metrics and dashboards that make security posture visible and meaningful - not just for internal governance but for external audiences including clients, auditors, and prospective enterprise customers
Represent Infinity’s security and compliance credentials credibly in commercial conversations - supporting Sales and Customer Success with the evidence and context they need to close enterprise deals and retain clients where security posture is a factor
AI Governance & Emerging Obligations
Partner with the Head of AI Platform & Applied Intelligence on AI governance requirements - ensuring that as Infinity’s AI capability grows, the governance framework keeps pace with obligations under ISO/IEC 42001 and emerging AI-specific compliance expectations
Ensure security and compliance considerations are embedded in the design of new AI features and platform capabilities from the outset - not retrofitted after the fact
AI-Augmented Security & Compliance
Actively adopt and champion the use of AI tooling to improve the efficiency and effectiveness of security and compliance operations - from automating evidence collection and policy maintenance to accelerating InfoSec questionnaire responses and monitoring for emerging risks
Stay current with how AI is reshaping the compliance and security landscape - both as a capability Infinity can use to strengthen its posture and as a development that compliance frameworks themselves are increasingly having to address
About You
Essential
Solid working knowledge of ISO 27001 - ideally including hands-on experience maintaining an ISMS, preparing for certification audits, and managing the continual improvement cycle
Practical understanding of PCI-DSS and GDPR as they apply in a B2B SaaS context - not just conceptual familiarity but experience translating obligations into controls and evidence
A detail-oriented, ownership-driven approach - this role requires someone who takes personal responsibility for accuracy, completeness, and follow-through, without needing to be managed into it
Strong written communication skills - the ability to produce clear, well-structured policies, reports, and InfoSec responses that serve different audiences effectively
The organisational capability to maintain multiple workstreams simultaneously - audit cycles, client requests, remediation tracking, policy maintenance - without losing grip on any of them
Comfortable working as an individual contributor with broad organisational reach - influencing without authority and building credibility through knowledge and consistency
Highly Desirable
Experience responding to enterprise InfoSec questionnaires and supporting security due diligence processes in a commercial context
Familiarity with continuous penetration testing approaches and programmes - coordinating testing cycles, interpreting findings, and managing remediation through to evidence
Working knowledge of NIS2 and SOC 2 - understanding of what they require and what preparation looks like, even without direct certification experience
Exposure to AI governance frameworks, including ISO/IEC 42001, or an active interest in developing that knowledge as Infinity’s AI capability grows
Experience working within a cloud-native environment - understanding how AWS infrastructure, serverless architecture, and SaaS delivery models interact with security and compliance obligations
Relevant professional qualifications - CISSP, CISM, ISO 27001 Lead Auditor or Implementer, or equivalent
Benefits you can enjoy
4.5 day working week (Half day every Friday - 1pm finish)
25 days holiday (with the option to buy up to an additional 5 days per year)
Private single medical insurance
Employee Assistance Programme
Life Assurance (4x Salary)
Enhanced Maternity and Paternity Pay
Tech Scheme Loan (of up to £2,000 per year)
Ride to Work Scheme
Season Ticket Loan
Dedicated annual company and team social budget
At Infinity, our aim is to be the best call tracking provider in the world and to do that we welcome our employees with open arms and create an environment where you can bring your best self, every day! We're an equal opportunities employer. That means we'll never discriminate based on race, religion, origin, gender expression, sexual orientation, age, marital status, socio-economic status or disability status. In fact, our recruitment process is completely anonymised, and we don't see any of your personal details when we review your application.
At Infinity, we don't treat our hiring process as a box-ticking exercise and we're just as interested in team fit as we are technical fit. So, even if you don't meet all the requirements listed in one of our vacancies, get in touch with us anyway because we'd love to hear from you.
Locations: Reigate, Manchester
Remote status: Hybrid
About Infinity
We believe conversations matter and that you deserve to understand yours better. Our journey started in 2010 when we identified the need for a call tracking product from over a decade of experience of managing paid search campaigns.
Following a steady, organic growth and a strategic investment, we now have a presence across five locations, including San Francisco, London, and Baltimore.
Despite numerous additions to our platform, our founding principles still drive what we do now. We give businesses clear, reliable insights on how their digital strategy is performing today, making it easier to get better results tomorrow.
The possibilities for our clients continue to grow as we work on numerous exciting developments, and curate an expanding network of tech and agency partners.