Director of Information Security
London, England, United Kingdom
Applications have closed
Our Future Health
We’re bringing together up to five million people to develop new ways to prevent, detect and treat diseases. We need a Director of Information Security to help define and implement information and data security procedures to underpin all of the platforms we are creating. This ranges from the large-scale consumer applications to be used by people volunteering to join Our Future Health to the storage of huge amounts of sensitive genetic and health data. In this role you will be responsible for ensuring the confidentiality, integrity, and availability of all organisational information systems, data and products.
This is an unusual opportunity to join in the early days of a project that will reach national scale. Reporting to the CTO, you will be responsible for the execution of our information and data security systems in line with the risk appetite agreed by our Board of Trustees and our Data Protection and Information Security Committee.
At Our Future Health, our mission is to transform the prevention, detection and treatment of conditions such as dementia, cancer, diabetes, heart disease and stroke. We’re looking for people to join us on our journey. If you’re looking for a new challenge where you can contribute to helping future generations live in good health for longer, then we’re keen to speak with you.
What you'll be doing:
- Building a data, information and cyber security capability for Our Future Health that enables us to maintain the highest levels of public and participant trust, whilst enabling us to maximise the impact of the participant data we are collecting for health research outcomes.
- Owning and overseeing the overall plan for implementation of information security in line with the strategy and approach set by the Executive (CTO), the Board of Trustees and our Data Protection and Information Security Committee.
- Liaising with a range of partners and stakeholders to help define the strategy and overall information security approach.
- Being responsible for security incident response plans, ensuring our mechanisms are clear, well understood, regularly tested and updated.
- Creating detailed security risk mapping and the threat model, working with partners in NCSC and CPNI to ensure that this is regularly updated as threats and security risks evolve.
- Leading on and ensuring that information and cyber security culture and practices run through our culture.
The environment:
We’re a rapidly scaling team who’ve come from startups, tech companies, universities, the NHS and health charities. We’ve got a vast amount of experience building and scaling big consumer products and working with different kinds of health data. We’re creating something that will be used to transform the prevention, detection and treatment of disease - something that has never been done before on this scale.
Requirements
- Proven track record and experience in developing information security programs, policies, procedures and culture, including successful implementations across a variety of smaller and larger organisations, including B2C web businesses.
- Excellent understanding of cloud security architecture and design, and aligning processes between security and engineering functions. We are using Azure although you could also be well versed in AWS or GCP.
- Experience designing and managing security incident response processes and teams.
- Demonstrable knowledge of common information security management frameworks, such as ISO27001 (implementing or auditing), as well as relevant legal and regulatory requirements, such as GDPR.
- An interest in bleeding-edge privacy enhancing technology solutions and their ability (or not) to enable the exploitation of sensitive data.
- The ability to take ownership and initiative in an ambiguous and fast-moving environment.
- Experience recruiting a team with the ability to lead teams and a track record of delivering reliable and improving solutions.
- The ability to translate and accurately communicate security and risk implications at senior level for technical and non-technical stakeholders.
- Experience in finding the right balance between technical and cultural measures that keep information secure, enabling the optimisation of information and data to achieve a business outcome.
- A growth mindset with the ability to learn quickly. Our Future Health is pioneering in the health data research domain and is navigating new territory when it comes to enabling the optimisation of participant health data, with consent, whilst keeping this data secure and protected to maintain trust. You will need to be or become an expert in this domain.
Experience in the healthcare domain working with NHS or Genetic Data is not essential but would be advantageous.
Benefits
- £110,000 - £130,000 per annum basic salary
- Generous company pension package with employer contributions of up to 12%.
- 30 days annual leave (plus bank holidays).
- Continuous career development with regular appraisals and learning and development opportunities.
- A lovely new office in Holborn, Central London – we offer flexible and remote working arrangements.
Join us - let’s prevent disease together.
Tags: Audits AWS Azure Cloud GCP GDPR Incident response ISO 27001 Privacy Strategy
Perks/benefits: Career development Flex hours Health care