Director of Information Security

London, England, United Kingdom

Applications have closed

Our Future Health

We’re bringing together up to five million people to develop new ways to prevent, detect and treat diseases.


We need a Director of Information Security to help define and implement information and data security procedures to underpin all of the platforms we are creating. This ranges from the large-scale consumer applications to be used by people volunteering to join Our Future Health to the storage of huge amounts of sensitive genetic and health data. In this role you will be responsible for ensuring the confidentiality, integrity, and availability of all organisational information systems, data and products.

This is an unusual opportunity to join in the early days of a project that will reach national scale. Reporting to the CTO, you will be responsible for the execution of our information and data security systems in line with the risk appetite agreed by our Board of Trustees and our Data Protection and Information Security Committee.

At Our Future Health, our mission is to transform the prevention, detection and treatment of conditions such as dementia, cancer, diabetes, heart disease and stroke. We’re looking for people to join us on our journey. If you’re looking for a new challenge where you can contribute to helping future generations live in good health for longer, then we’re keen to speak with you.

What you'll be doing:

  • Building a data, information and cyber security capability for Our Future Health that enables us to maintain the highest levels of public and participant trust, whilst enabling us to maximise the impact of the participant data we are collecting for health research outcomes.
  • Owning and overseeing the overall plan for implementation of information security in line with the strategy and approach set by the Executive (CTO), the Board of Trustees and our Data Protection and Information Security Committee.
  • Liaising with a range of partners and stakeholders to help define the strategy and overall information security approach.
  • Being responsible for security incident response plans, ensuring our mechanisms are clear, well understood, regularly tested and updated.
  • Creating detailed security risk mapping and the threat model, working with partners in NCSC and CPNI to ensure that this is regularly updated as threats and security risks evolve.
  • Leading on information and cyber security culture and practices, and ensuring that they run through the whole organisation.

The environment:

We’re a rapidly scaling team who’ve come from startups, tech companies, universities, the NHS and health charities. We’ve got a vast amount of experience building and scaling big consumer products and working with different kinds of health data. We’re creating something that will be used to transform the prevention, detection and treatment of disease - something that has never been done before on this scale.

Requirements

  • Proven track record and experience in developing information security programs, policies, procedures and culture, including successful implementations across a variety of smaller and larger organisations, including B2C web businesses.
  • Excellent understanding of cloud security architecture and design, and aligning processes between security and engineering functions. We are using Azure although you could also be well versed in AWS or GCP.
  • Experience designing and managing security incident response processes and teams.
  • Demonstrable knowledge of common information security management frameworks, such as ISO27001 (implementing or auditing), as well as relevant legal and regulatory requirements, such as GDPR.
  • An interest in bleeding-edge privacy enhancing technology solutions and their ability (or not) to enable the exploitation of sensitive data.
  • The ability to take ownership and initiative in an ambiguous and fast-moving environment.
  • Experience recruiting a team, the ability to lead teams, and a track record of delivering reliable and improving solutions.
  • The ability to translate and accurately communicate security and risk implications at senior level for technical and non-technical stakeholders.
  • Experience in finding the right balance between technical and cultural measures that keep information secure, enabling the optimisation of information and data to achieve a business outcome.
  • A growth mindset with the ability to learn quickly. Our Future Health is pioneering in the health data research domain and is navigating new territory when it comes to enabling the optimisation of participant health data, with consent, whilst keeping this data secure and protected to maintain trust. You will need to be or become an expert in this domain.

Experience in the healthcare domain working with NHS or Genetic Data is not essential but would be advantageous.

Benefits

  • £110,000 - £130,000 per annum basic salary
  • Generous company pension package with employer contributions of up to 12%.
  • 30 days annual leave (plus bank holidays).
  • Continuous career development with regular appraisals and learning and development opportunities.
  • A lovely new office in Holborn, Central London – we offer flexible and remote working arrangements.

Join us - let’s prevent disease together.

Tags: Audits AWS Azure Cloud GCP GDPR Incident response ISO 27001 Privacy Strategy

Perks/benefits: Career development Flex hours Health care

Region: Europe
Country: United Kingdom