Information Security Lead

Appen is a leader in AI enablement for critical tasks such as model improvement, supervision, and evaluation. To do this we leverage our global crowd of over one million skilled contractors, speaking over 180 languages and dialects, representing 130 countries. In addition, we utilize the industry's most advanced AI-assisted data annotation platform to collect and label various types of data like images, text, speech, audio, and video.

Our data is crucial for building and continuously improving the world's most innovative artificial intelligence systems and Appen is already trusted by the world's largest technology companies. Now with the explosion of interest in generative AI, Appen is helping leaders in automotive, financial services, retail, healthcare, and governments the confidence to deploy world-class AI products.

At Appen, we are purpose driven. Our fundamental role in AI is to ensure all models are helpful, honest, and harmless, so we firmly believe in unlocking the power of AI to build a better world. We have a learn-it-all culture that values perspective, growth, and innovation. We are customer-obsessed, action-oriented, and celebrate winning together.

At Appen, we are committed to creating an inclusive and diverse workplace. We are an equal opportunity employer that does not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Appen is committed to responsible AI and information security excellence. The organisation holds ISO 27001:2022 certification and SOC 2 Type II attestation, and is actively planning its ISO 42001:2023 AI Management System certification programme.

We are seeking an experienced and meticulous Information Security Lead to join us. This role requires someone who is highly organised, deeply familiar with management system documentation standards, and comfortable engaging with technical teams, auditors, and senior leadership. You will serve as the internal subject-matter expert on certification requirements and be the primary coordination point between the ISMS Programme Leader, control owners across the business, and external certification bodies. This role will require familiarity with LLM-based tools - for documentation, gap analysis, audit prep, and training content.

• Own and maintain the complete ISMS documentation library — SoA, policies, procedures, standards, guidelines, and work instructions — ensuring all documents are current, version-controlled, and accessible
• Conduct scheduled and ad-hoc document reviews; identify gaps against ISO 27001:2022 Annex A controls and drive timely updates in coordination with control owners
• Track and manage the corrective action and CAPA register; follow up with control owners to ensure timely resolution of non-conformities and audit observations
• Coordinate and support internal ISMS audits, including scheduling, criteria preparation, and findings documentation
• Maintain control documentation across all applicable Trust Services Criteria (Security, Availability, Confidentiality, and, where applicable, Processing Integrity and Privacy)
• Coordinate the annual SOC 2 Type II audit: manage auditor requests, organise evidence collection from control owners, and track response status throughout the audit window
• Maintain the evidence repository; ensure all operational control evidence is collected, labelled, and retained per audit requirements
• Support the ISO 42001:2023 implementation programme as Appen advances towards certification
• Help develop new AI-specific documentation — AI Policy, AI Impact Assessment procedures, AI system inventory, training data governance controls, and the ISO 42001 Statement of Applicability
• Support the operationalisation of AI management controls across Technology and Product teams during the implementation phase
• Coordinate AI management system awareness training and assist in extending the existing security training programme with AI-specific modules
• Produce regular programme status reports for the CISO and ISMS Steering Committee, tracking documentation health, open actions, and upcoming audit milestones
• Stay current with developments in ISO 27001, SOC 2, ISO 42001, and related frameworks (NIST CSF, EU AI Act) and advise the team on required programme updates

• 5–8 years of experience in information security, GRC, or IT audit roles
• Demonstrable hands-on experience supporting or managing ISO 27001 ISMS implementation, documentation, and certification
• Direct involvement in at least one SOC 2 Type II audit cycle (evidence coordination, auditor liaison, control documentation)
• Proficiency in document management: version control, policy lifecycle, and document repositories (SharePoint, Confluence, or equivalent)
• Familiarity with risk assessment methodologies and risk treatment planning
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field
• Desirable/ Nice to have
• ISO 27001 Lead Implementer or Lead Auditor certification
• ISO 42001:2023 awareness training or familiarity with AI management system requirements
• Experience with AI/data companies or technology platforms with complex AI governance obligations
• Certified Information Systems Auditor (CISA), CISM, CISSP, or equivalent