Security and Compliance Lead.

  • javascript
  • permanent
  • UK

This client is a rapidly expanding healthcare technology company that offers SaaS solutions. As a leader in the healthcare industry, they provide the most comprehensive, reliable, and easily accessible source of information on medications in the UK with their electronic medicines compendium (emc). Their innovative solutions cater to the life sciences and healthcare sectors, and they have a vast customer base of over 350 pharmaceutical companies in the UK. They are committed to maintaining the highest standards of security and compliance in all their operations.

They are seeking a proactive and skilled individual to join the Security team as a Security and Compliance Lead. You will be reporting directly to the Head of IT and Security, and your primary responsibility will be to ensure the effective management of Information Security and IT Risk within the business. This position requires an individual who can communicate effectively with stakeholders, including those at the C-suite level. You will need to be able to challenge and negotiate with confidence while building and maintaining trusted relationships.

As the Security and Compliance Lead, you will have an opportunity to work on major transformation projects, driving the IT and Information Security risk management strategy, and embedding the ISMS within this fast-growing organization. Your responsibilities will include overseeing information security policies, conducting contractual reviews, managing risk, and conducting training and awareness programs.

This position offers a hybrid work schedule, and the salary range for the role is between £45,000 and £50,000 per annum, depending on experience. To be considered for this role, you must be eligible to work in the UK.


As a Security and Compliance Lead, your key responsibilities will include:

  • Identifying and assessing IT and cyber risks and developing appropriate methods for remediation.
  • Driving information security governance, including conducting risk assessments, reviewing policies and standards, supporting contract reviews, and ensuring compliance around third-party supply chain defence.
  • Promoting a culture of awareness and understanding around cyber security risks throughout the organization.
  • Serving as the primary point of contact for information security, providing advice and guidance around risks and controls related to IT and information security, including developing remediation plans for known vulnerabilities.
  • Conducting threat assessments and facilitating risk reviews of critical projects, focusing on the IT and systems elements.
  • Reviewing, testing, and challenging IT and information security controls to ensure they are effective at mitigating risks, and recommending remedial actions where needed.
  • Enhancing and implementing information security and data processing policies and standards across the organization and maintaining those processes.
  • Managing and monitoring the day-to-day operation of the information security management system (ISMS).
  • Planning, managing, and conducting internal and third-party audits on IT governance, information security, and controls.
  • Raising change requests for technical security controls and assisting the IT team with their planning and deployment.
  • Administering security-related IT services, such as Microsoft Sentinel and Azure Security Center.
  • Leading investigations into potential information security or GDPR breaches.

Overall, this role requires a highly skilled individual who can drive a culture of security and compliance, develop effective risk management strategies, and maintain robust information security policies and practices across the organization.

The following skills and qualifications are required for this role:

  • Demonstrated experience in managing information security risks, including knowledge of application security principles and secure SDLC frameworks in an Agile environment, as well as experience in penetration testing.
  • Strong understanding of risk management frameworks, including Information Security, IT, and project risk management, with excellent skills in identifying and managing project risks, assumptions, issues, and dependencies (RAID).
  • Strong interpersonal skills, including stakeholder management, analysis, and attention to detail.
  • Knowledge of network architecture and data modelling, as well as strong business process mapping skills and documentation.
  • Experience with relevant data privacy laws and regulations, including a good understanding of the Data Protection Act and implementation of EU GDPR.
  • Knowledge of cloud computing concepts.
  • Experience managing policies and procedures in line with ISO 27001 (including knowledge of the 2022 revisions), ISO 9001, and Cyber Essentials specifications.
  • Possession or working towards relevant information security certifications such as Lead Auditor/Practitioner, CISM, CISSP, CRISC, etc.


They are seeking a candidate who can demonstrate the following skills and qualities:

  • Strong communication skills, including excellent verbal and written abilities, as well as interpersonal skills.
  • A commitment to delivering efficient and high-quality technical solutions.
  • Proactivity and self-motivation, with the ability to set and achieve personal goals.
  • Adaptability, with the ability to overcome obstacles and respond well to changes.

What you can expect to gain from this opportunity:

  • 25 days of annual leave.
  • Comprehensive onboarding and support to help you excel in your role.
  • Continuous training in software, including accreditation opportunities.
  • Life and medical insurance coverage.
  • Discounts on gym memberships and retailer discounts.
  • A 10% pension contribution (after 12 months).
  • A vibrant, supportive, and inclusive work environment where you can work alongside and learn from some outstanding individuals.

If this sounds like the perfect role for you then please apply now!

Sophie Tugby