I.T Security, Privacy & AI Governance Lead
Edinburgh
Wordsmith
Wordsmith is building the AI-enabled command centre for in-house legal teams.
Our customers are some of the most demanding enterprise legal departments in the world, and they hold us to a high bar on how we secure our systems, devices, and infrastructure.
We're looking for someone to build the IT security function that keeps that trust intact as we scale.
The Role
Security, Privacy & AI Governance Leads make sure Wordsmith's systems, devices, and infrastructure stay secure as the company grows.
You'll build our IT security function from the ground up — covering device management, identity and access, infrastructure controls, and incident response — while also owning the compliance and AI governance work that keeps enterprise customers confident in how we operate.
It's a hands-on, build-it-yourself role. You'll choose the tooling, set the controls, and make sure security is baked into how the company operates day to day, not bolted on afterwards.
What You'll Do
IT Security & Device Management
Own device compliance and mobile device management (MDM) across the company, using tools like Jamf or Intune to keep endpoints secure and compliant.
Manage identity and access management (IAM) — provisioning, access reviews, and least-privilege controls — using tools like Okta.
Own infrastructure and cloud security controls across our environment (e.g. AWS), working closely with Engineering to keep systems hardened.
Security Operations & Incident Response
Lead security incident response — full lifecycle investigations, coordinating with internal teams and external partners (e.g. SOCaaS providers), and running post-incident reviews and tabletop exercises.
Operate and tune security monitoring and detection tooling (EDR, DLP, SIEM, or similar) to catch and respond to threats quickly.
Compliance & Certification
Own SOC 2 Type II and ISO 27001/27017/27018 end-to-end, from policy design through to audit evidence and the audits themselves.
Automate evidence collection to cut audit overhead and keep the program running without heavy manual effort.
AI Governance & Vendor Risk
Assess third-party vendors and AI tools for security and privacy risk before they're adopted, and put the right safeguards in place.
Support Wordsmith's AI governance program, including risk reviews tied to how AI is used across the product.
Customer & Deal Support
Partner with Sales, Customer Success, and Legal to support enterprise deals — security questionnaires, DPAs, and contract terms — without slowing the business down.
Manage our Trust Center, giving customers self-service access to our security and compliance documentation.
What we're looking for
Essential
Experience running IT security operations at a fast-growing SaaS company, including device management and identity and access management.
Hands-on experience with MDM platforms such as Jamf or Intune.
Hands-on experience with IAM tooling (e.g. Okta) and cloud infrastructure security (e.g. AWS).
Experience leading security incident response, from investigation through to post-incident review.
Working knowledge of SOC 2 and the ISO 27000 series.
Comfortable evaluating and operating security tooling such as EDR, DLP, or SIEM platforms.
A strong cross-functional operator, comfortable bridging IT, Security, Engineering, and GTM teams.
Valued
Exposure to privacy regulation (e.g. GDPR) and AI governance frameworks (e.g. ISO 42001).
Relevant certifications — e.g. CISSP/ISC2, CCSK, CIPP/E, or AIGP.
Experience in legal tech, AI, or another highly regulated SaaS environment.
Familiarity with tools such as Vanta, Crowdstrike, Zscaler, Datadog, or Whistic.
Why this role matters
The trust enterprise legal teams place in us depends on how well we secure our systems and devices — this role is central to that.
Your work will directly shape how the company handles security operations, device management, and infrastructure risk as we scale globally.
You will have the autonomy to build this function from scratch — this is a high-ownership role at a company moving fast.
What you can expect
The chance to build an IT security function from the ground up, with real ownership over how it's shaped.
Close collaboration with Engineering, Legal, and GTM in an environment where your work has visible, immediate impact.
How we work
We're an in-office team in Edinburgh. We work together because it helps us collaborate closely across product, engineering, and legal teams. You should expect to be in the office as your default.
This is a high ownership role. You'll be trusted to run projects, work directly with customers, and drive outcomes without heavy oversight.

Built for in-house legal teams. Make your legal team a delight to interact with across the business using leading AI models.
Let anyone discover any legal knowledge, self serve workflows, triage and spot risks and let your legal team scale effortlessly.