Information Security Officer
fulltime_permanent experiencedJob Overview
Who are we?
Gain is the private markets super app - a connected global platform transforming how leading investment firms source, evaluate, and execute deals. By combining investment-grade intelligence, AI-powered workflows, and proprietary knowledge, we empower the world’s top deal teams to move faster, reduce risk, and build conviction.
Gain is trusted across more than $1 trillion of private capital, used by 100% of MBB and Big Four firms, and by over 70% of the world’s top 20 M&A advisory houses.
Recognised for our commitment to delivering excellent data, we have been named US and EU Data Provider of the Year (PE Wire), awarded Global Financial Market Review’s Best Use of AI in Finance, listed among Sifted’s Top 100 Fastest-Growing Companies, and ranked in the Deloitte Technology Fast 50. Gain operates globally with offices in New York, London, Amsterdam, Frankfurt, Warsaw, and Bangalore.
What the role entails
We are looking for an Information Security Officer to own and continuously strengthen Gain’s security, compliance, and data-protection posture as we scale globally. This is a hands-on role with real accountability: you will design, implement, and operate our security framework across the organisation.
You will work closely with other functions, including Engineering, Product, Finance/Risk/Legal, and play a critical role in supporting enterprise customer requirements, audits, and regulatory readiness.
Key responsibilities
• Security & compliance ownership
Own and maintain our SOC 2 (Type II) control environment, including evidence collection, remediation, and auditor interaction.
Translate security requirements into pragmatic, scalable controls
• Endpoint & access security
Own MDM strategy and implementation across laptops, mobile devices, and access controls.
Define and enforce device security, identity management, and least-privilege access.
• Risk management
Identify, assess, and mitigate security risks across systems, vendors, and processes.
Lead incident response planning and execution when required.
• Security operations
Maintain policies, procedures, and security awareness programmes.
Manage security tooling and third-party security providers.
Support customer due-diligence, security questionnaires, and enterprise onboarding.
• Data protection & privacy
Support implementation of data-privacy and data-protection requirements (e.g. GDPR and related frameworks)
Partner with Legal and Product on privacy-by-design and customer security assessments.