Job Title: Cyber & Information Security Lead
Type: Full Time & Permanent
Location: Hybrid/Bath, England
About the Role:
Seeking a senior cyber and information security professional to lead on safeguarding critical healthcare technology platforms. This role is ideal for someone with strong expertise in compliance, risk management, and security governance—particularly within public sector or regulated environments—who’s has been working at CISO level, or is ready to step into a strategic leadership position.
A global, forward-thinking organisation, they prioritise staff wellbeing (with flexible hybrid working offered) and are driven by a passion for creating impactful healthcare technology, with a strong commitment to quality and compliance.
Key Responsibilities:
* Security Strategy: Define and maintain a robust security strategy aligned with business goals and growth.
* Compliance: Ensure adherence to key standards including DSPT, Cyber Essentials Plus, and ISO27001:2022.
* Risk Management: Lead the identification and mitigation of information security risks across all operations.
* Security Architecture: Oversee secure system and software design throughout the development lifecycle.
* Incident Response: Manage the full lifecycle of security incidents, including reporting to relevant authorities.
* Awareness & Training: Drive a strong security culture through staff training and awareness initiatives.
* Regulatory Compliance: Support ongoing compliance with UK and EU data protection laws and regulations.
* Leadership: Provide strategic leadership and mentorship within the governance, risk, and compliance team.
Essential Skills:
* Security Leadership: Senior-level experience in information security, ideally in a CISO or equivalent role within software or health tech.
* Healthcare Standards: Strong knowledge of UK healthcare security frameworks like DSPT, DTAC, and NCSC CAF.
* ISO 27001: Proven track record in implementing and maintaining ISO 27001:2022-certified ISMS.
* Secure by Design: Deep understanding of secure SDLC and embedding security into product and system architecture.
* Risk Management: Expertise in building and managing security risk frameworks using methodologies like OCTAVE or FAIR.
* Incident Response: Hands-on experience leading incident response, including regulatory reporting and crisis management.
* Policy & Governance: Skilled in developing and enforcing comprehensive security policies and governance structures.
* Regulatory Compliance: Strong grasp of GDPR, the Data Protection Act, and NIS Directive within a health tech context.
How to Apply:
If this sounds like an environment in which you would excel, please send your CV and a covering letter outlining your suitability, salary requirements, and availability to CNDJobs@CNDLtd.com.