In this role, you will take ownership of EF’s ISO 27001-certified Information Security Management System (ISMS) — ensuring it remains effective, audit-ready, and aligned with the way the business operates. You will coordinate governance, risk, and compliance (GRC) activities across the organisation while working closely with teams worldwide.

EF achieved ISO 27001 certification in 2020 and has since developed a mature ISMS. Your focus will be to run and continuously improve this system, ensuring it supports real business needs while meeting regulatory expectations. You will also contribute to forward-looking areas such as AI-related regulation and emerging security requirements.

This role is ideal for someone with solid GRC experience who is ready to take ownership, influence stakeholders, and grow into a senior security governance position over time.

What You’ll Do

ISMS Ownership & Audit Leadership
Own and operate EF’s ISO 27001-certified ISMS end-to-end
Ensure ongoing compliance with ISO 27001 requirements and internal controls
Plan and lead internal audits, coordinate external certification audits, and manage remediation activities
Maintain risk registers, control frameworks, and treatment plans
Drive continuous improvement to keep the ISMS effective and business-aligned

Risk & Security Assurance

Conduct risk assessments across systems, projects, vendors, and business processes
Coordinate penetration testing and vulnerability management activities
Oversee supplier security due diligence and third-party risk processes
Support incident management and post-incident reviews

Policies, Awareness & Cross-Functional Collaboration

Own and maintain security policies, standards, and procedures
Ensure policies remain practical, up-to-date, and aligned with business needs
Support organisation-wide security awareness initiatives
Work closely with teams across technology, product, legal, and operations
Translate security requirements into clear, actionable guidance

Emerging Topics & AI Readiness

Support preparation for new regulations, including the EU AI Act
Contribute to early governance work related to responsible AI use
Monitor evolving requirements and industry best practices
Prior AI governance experience is not required — curiosity and willingness to learn are essential

What We’re Looking For

Essential Experience

Approximately 3+ years of experience in Information Security, GRC, IT Risk, or a related field
Strong working knowledge of ISO 27001 and risk management principles
Experience supporting or leading audits and compliance activities
Fluency in English
Comfortable taking ownership of processes and driving them forward independently
Able to balance structure with pragmatism in a dynamic environment
Strong organisational skills and attention to detail
Clear communicator who can engage both technical and business stakeholders
Curious, proactive, and motivated to grow professionally
Interest in emerging technologies, including AI

This role is particularly well suited to candidates from technology companies, consulting, or corporate environments who want to own a mature ISMS and broaden their governance expertise in a global organisation.

Desirable Skills

ISO 27001 Lead Implementer / Lead Auditor or similar certification
Experience coordinating external certification audits
Exposure to GDPR and global privacy requirements
Experience supporting customer trust in a B2B environment
Familiarity with additional frameworks (e.g., NIST CSF, SOC 2)

Technical Background

A basic technical foundation is required, but deep expertise is not expected. Successful candidates will receive training on EF’s products, systems, and technologies.

Personal Qualities

We are especially interested in candidates who are:

Friendly, approachable, and collaborative
Proactive and eager to learn
Comfortable working in a fast-paced environment
Detail-oriented and reliable
Adaptable and calm under pressure
Motivated to grow into a customer-facing technical career

Why Join EF?

Work in a dynamic, international environment
Collaborate with colleagues from around the world
Gain exposure to enterprise customers and modern SaaS technology
Clear opportunities for career progression across teams and regions
Be part of a company that values energy, culture, and innovation

About EF Education First

At EF we believe that the world is better when people try to understand one another. Since 1965, we have helped millions of people see new places, experience new cultures, and learn new things about the world and about themselves. Our culturally immersive education programs—focused on language, travel, cultural exchange, and academics—turn dreams into international opportunities.

When you join EF, you join a multicultural and diverse community working across more than 600 schools and offices in 50 countries, all with one shared mission of opening the world through education. Whoever you are, whatever you are passionate about—we welcome you and want you to bring that to work every day. EF is proud to be an equal opportunity employer and we are committed to inclusion and belonging across race, ethnicity, gender, age, religion, caste, parental status, identity, experience and everything else that makes you unique.

Founded in Sweden in 1965, EF has schools and offices around the world, including hubs in Boston, London, Mexico City, São Paulo, Shanghai, Stockholm, Zürich, and more. Learn more at https://www.ef.com.

Apply now

See more open positions at EF Education First

Privacy policy Cookie policy

Follow Us

Follow Us

Ed Tech companies you'll love to work for

Information Security Specialist (GRC)

Fast Links

Contact Us