Information Security Specialist

About Us

Legora is on a mission: to redefine how legal work gets done. From the very start we have been very clear about the fact that we are not building a solution for lawyers, we are building it with them, because it is the only way to make sure it gets done the right way; working side-by-side every step of the way.

Our AI-native workspace empowers legal professionals not just to work faster - but to ask better questions, unlock new insights. Every day, we push the boundaries of legal tech to make complex processes smarter, faster, and more human. From thousands of documents analysed in minutes to intelligent workflows designed in collaboration with leading practices, we’re turning possibility into reality.

Today we are trusted by global firms like Cleary Gottlieb, Goodwin, Bird & Bird and Linklaters in over 40 countries, but we have no plans on stopping here. We ship fast, we iterate effectively, and we scale rapidly - not by accident, but by design.

When you join Legora, you become part of a team that believes "good enough" isn’t good enough and that the way to win is together, by empowering lawyers to do their best work with technology that truly understands them. If you’re excited by building from first principles, working with exceptional people, and accelerating change in a high-stakes, high-impact domain—then this is the moment and the place.

We’re not just shaping the future of legal tech — we’re defining it. Ready to join us in building the intelligent future of law?

The role

At Legora, protecting our clients' highly sensitive legal data is fundamental to everything we do. We're building a security and compliance program designed for the AI era: Zero Trust architecture, rigorous governance, and continuous compliance as non-negotiables.

We are expanding our security team with Information Security specialist to help shape, drive, and scale our governance, risk, and compliance programs. You will work at the intersection of policy, risk management, audit readiness, and cutting-edge technology to ensure we maintain ISO 27001, SOC 2 Type II, and ISO 42001 compliance while enabling the business to move fast. This is a hands-on, high-impact role where you'll manage our Information Security Management System (ISMS), conduct risk assessments, coordinate audits, and serve as a trusted advisor to both internal teams and external clients. Your strength will be your knowledge of the E2E processes of how our product is built. You will utilize this to treat security risks in a modern way that fits our modern tech stack.

What you will be doing:

• Own and maintain the ISMS in accordance with ISO 27001 and ISO 42001, ensuring all policies, procedures, and controls are documented, implemented, and continuously improved.

• Lead the company's compliance efforts for SOC 2 Type II and support future SOX ITGC readiness, working closely with Finance and Engineering to map business processes and establish IT controls.

• Develop, implement, and maintain information security policies, standards, and procedures that are lightweight, actionable, and aligned with regulatory frameworks including GDPR, ISO 27001, SOC 2, and ISO 42001.

• Conduct regular risk assessments, threat modeling, and gap analyses to identify security risks and prioritize remediation efforts across the organization.

• Coordinate internal and external audits, penetration tests, and compliance assessments — ensuring continuous audit readiness and managing remediation plans.

• Manage vendor risk by conducting third-party security reviews, due diligence assessments, and ongoing vendor monitoring.

• Be a primary point of contact for client security questionnaires, due diligence requests and contractual security commitments.

• Support secure AI governance by defining policies and controls that protect data in AI workflows, prevent adversarial use, and ensure responsible AI practices aligned with ISO 42001.

• Drive security awareness and training across the organization, including new joiners and regular security education sessions.

• Collaborate with Engineering and business teams and lead implementation of information security controls.

• Track and report on security metrics, KPIs, and compliance status to leadership, providing actionable insights and recommendations.

Who you are

• You have 9+ years of experience in GRC, information security, compliance, or audit roles, ideally in a high-growth technology or SaaS environment. Alternatively you are an experienced software engineer who is transitioning into Information Security.

• You have hands-on experience implementing and managing compliance programs for ISO 27001, SOC 2 Type II, SOX ITGC, NIST 800-53. You might have achieved desirable certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Auditor.

• You have knowledge of governance frameworks, risk management methodologies, and data protection regulations (ERM, GDPR, CCPA, ISO 42001, SOX ITGC).

• You understand Zero Trust principles and OWASP top 10 risks and how to apply them across identity, devices, dev-ops processes and cloud services.

• Is great if you can confidently engage with technical teams on topics like cloud security (Azure), infrastructure-as-code, secure development practices, and AI system security.

• You have strong analytical and organizational skills, with the ability to remain focus amongst multiple audits, assessments, and compliance initiatives.

• You have excellent communication and stakeholder management skills, able to translate security & compliance requirements into clear, actionable guidance for technical and non-technical audiences.

• Experience with securing AI/ML workflows and building automation with GenAI tools (for example Zapier, n8n) is a big plus.

Benefits & Perks: We invest in our people with a comprehensive, thoughtfully designed benefits package:

Medical, Dental & Vision

• Multiple medical plan options through Aetna and Kaiser Permanente

• HSA or Healthcare FSA (based on plan selection)

• Dental plans via MetLife

• Vision coverage through VSP Vision Care
  Family Support

• Generous parental leave

• Free access to Maven Clinic

• Dependent Care FSA

• Free One Medical membership for employees and dependents

  Additional Perks

• Pre-tax commuter benefits

• Life Insurance + STD/LTD

• 401(K) with generous company match

• Unlimited PTO

• Robust voluntary benefits, including identity protection (via Aura), legal coverage through MetLife, pet savings programs, and more

Legora is an Equal Opportunity Employer

At Legora, we believe great teams are built on diversity of thought and experience. We’re proud to be an equal opportunity employer and committed to creating an inclusive, high-performance culture where everyone can do their best work. We welcome people of all backgrounds and don’t discriminate based on race, color, religion, national origin, gender, gender identity or expression, sexual orientation, age, disability, veteran status, or any other characteristic protected by law.