Company: Health Tech
Location: Home based - must be able to get into Milton Keynes for meetings
Reports to CFO
As the Director of Security, you will lead Cyber Security, Information Security and Compliance functions. This is a senior management role built on relationships, strong domain knowledge and operational experience of security in modern digital services.
• Maintain a security strategy which allows cyber and information risks to be managed effectively.
• Maintain and ensure adoption of security risk governance, policies, and processes.
• Maintain appropriate and proportionate operational security controls to reduce risks to an acceptable level.
• Ensure that cyber and information security threats, vulnerabilities, and risks to the organisation are regularly re-assessed and re-evaluated.
• Ensure that the risk to information held by suppliers and third parties is managed effectively.
• Maintain capability for cyber and information security incident management to limit the business impact from incidents and to prevent them from re-occurring.
• Ensure that legal, regulatory, and commercial compliance obligations are maintained and evidenced.
• A track record of successful security leadership, driving continued development and innovation in Cyber Security and risk management.
• Experience of implementing and maintaining security in cloud based digital services organisations.
• Experience of managing, leading, and developing teams using permanent and 3rd party providers.
• A willingness to take a hands-on approach when appropriate.
• Familiarity with the NCSC and/or NHS suite of security policies, guidance, and standards.
• Experience in using good practice standards such as ISO 27001 (Implementation, Compliance, Certification, and audit reviews).
• Experience of working in a digital services or software development organisation.
• A background of Security Architecture.
Skills and Abilities:
• Ability to think commercially and strategically.
• Excellent team leadership skills and behaviours.
• Commercially focused with an understanding of the operations which impact a business and how risk is managed optimally for the business, customers, and other stakeholders.
• Strong presentation, written and oral communication skills.
• Strong numeracy and analytic skills informing evidence-based decisions.
• Excellent interpersonal skills, able to influence, build and maintain strong working relationships with a wide range of stakeholders; collaborative and consultative.
• Enthusiastic, motivated, adaptable, and proactive with the ability to work flexibly in a changing environment.
You will hold one or more of the following qualifications (or equivalent):
• Certified Information Systems Security Professional (CISSP).
• SABSA Chartered Security Architect - Foundation Certificate (SCF).
• Certificated Information Security Manager (CISM).