Cyber Security Lead

Posted 5 hours 40 minutes ago by Security Wizardry Radar Page

Permanent
Full Time
Public Sector Jobs
Somerset, Bath, United Kingdom, BA1 0
Job Description

Seeking a senior cyber and information security professional to lead on safeguarding critical healthcare technology platforms. This role is ideal for someone with strong expertise in compliance, risk management, and security governance, particularly within public sector or regulated environments, who has been working at CISO level or is ready to step into a strategic leadership position.

A global, forward-thinking organisation, they prioritise staff wellbeing (with flexible hybrid working offered) and are driven by a passion for creating impactful healthcare technology, with a strong commitment to quality and compliance.

Key Responsibilities
  • Security Strategy: Define and maintain a robust security strategy aligned with business goals and growth.
  • Compliance: Ensure adherence to key standards including DSPT, Cyber Essentials Plus, and ISO 27001:2022.
  • Risk Management: Lead the identification and mitigation of information security risks across all operations.
  • Security Architecture: Oversee secure system and software design throughout the development lifecycle.
  • Incident Response: Manage the full lifecycle of security incidents, including reporting to relevant authorities.
  • Awareness & Training: Drive a strong security culture through staff training and awareness initiatives.
  • Regulatory Compliance: Support ongoing compliance with UK and EU data protection laws and regulations.
  • Leadership: Provide strategic leadership and mentorship within the governance, risk, and compliance team.
  • Security Leadership: Senior-level experience in information security, ideally in a CISO or equivalent role within software or health tech.
  • Healthcare Standards: Strong knowledge of UK healthcare security frameworks like DSPT, DTAC, and NCSC CAF.
  • ISO 27001: Proven track record in implementing and maintaining an ISO 27001:2022-certified ISMS.
  • Secure by Design: Deep understanding of secure SDLC and embedding security into product and system architecture.
  • Risk Management: Expertise in building and managing security risk frameworks using methodologies like OCTAVE or FAIR.
  • Incident Response: Hands-on experience leading incident response, including regulatory reporting and crisis management.
  • Policy & Governance: Skilled in developing and enforcing comprehensive security policies and governance structures.
  • Regulatory Compliance: Strong grasp of GDPR, the Data Protection Act, and NIS Directive within a health tech context.