Job Description
Summary
Key Responsibilities
- Own and maintain the complete ISMS documentation library — SoA, policies, procedures, standards, guidelines, and work instructions — ensuring all documents are current, version-controlled, and accessible
- Conduct scheduled and ad-hoc document reviews; identify gaps against ISO 27001:2022 Annex A controls and drive timely updates in coordination with control owners
- Track and manage the corrective and preventive action (CAPA) register; follow up with control owners to ensure timely resolution of non-conformities and audit observations
- Coordinate and support internal ISMS audits, including scheduling, criteria preparation, and findings documentation
- Maintain control documentation across all applicable Trust Services Criteria (Security, Availability, Confidentiality, and, where applicable, Processing Integrity and Privacy)
- Coordinate the annual SOC 2 Type II audit: manage auditor requests, organise evidence collection from control owners, and track response status throughout the audit window
- Maintain the evidence repository; ensure all operational control evidence is collected, labelled, and retained per audit requirements
- Support the ISO 42001:2023 implementation programme as Appen advances towards certification
- Help develop new AI-specific documentation — AI Policy, AI Impact Assessment procedures, AI system inventory, training data governance controls, and the ISO 42001 Statement of Applicability
- Support the operationalisation of AI management controls across Technology and Product teams during the implementation phase
- Coordinate AI management system awareness training and assist in extending the existing security training programme with AI-specific modules
- Produce regular programme status reports for the CISO and ISMS Steering Committee, tracking documentation health, open actions, and upcoming audit milestones
- Stay current with developments in ISO 27001, SOC 2, ISO 42001, and related frameworks (NIST CSF, EU AI Act) and advise the team on required programme updates
Qualifications & Experience
- 5–8 years of experience in information security, GRC, or IT audit roles
- Demonstrable hands-on experience supporting or managing ISO 27001 ISMS implementation, documentation, and certification
- Direct involvement in at least one SOC 2 Type II audit cycle (evidence coordination, auditor liaison, control documentation)
- Proficiency in document management: version control, policy lifecycle, and document repositories (SharePoint, Confluence, or equivalent)
- Familiarity with risk assessment methodologies and risk treatment planning
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field
Desirable / Nice to have
- ISO 27001 Lead Implementer or Lead Auditor certification
- ISO 42001:2023 awareness training or familiarity with AI management system requirements
- Experience with AI/data companies or technology platforms with complex AI governance obligations
- Certified Information Systems Auditor (CISA), CISM, CISSP, or equivalent
Appen is the global leader in data for the AI Lifecycle with more than 25 years’ experience in data sourcing, annotation, and model evaluation. Through our expertise, platform, and global crowd, we enable organizations to launch the world’s most innovative artificial intelligence products with speed and at scale. Appen maintains the industry’s most advanced AI-assisted data annotation platform and boasts a global crowd of more than 1 million contributors worldwide, speaking more than 235 languages. Our products and services make Appen a trusted partner to leaders in technology, automotive, finance, retail, healthcare, and government. Appen has customers and offices globally.
Skills
- Communications Skills
- Cybersecurity Solutions
- Leadership
- Risk Analysis
- Team Collaboration