Cyber & Information Security Lead

Overview

Job Title: Cyber & Information Security Lead

Type: Full Time & Permanent

Location: Hybrid/Bath, England

About the Role: Seeking a senior cyber and information security professional to lead on safeguarding critical healthcare technology platforms. This role focuses on compliance, risk management, and security governance—particularly within public sector or regulated environments. The role is suitable for someone who has been working at CISO level or is ready to step into a strategic leadership position.

A global, forward-thinking organisation that prioritises staff wellbeing with flexible hybrid working, and a strong commitment to quality and compliance in healthcare technology.

• Security Strategy
  :
  Define and maintain a robust security strategy aligned with business goals and growth.
• Compliance
  :
  Ensure adherence to key standards including DSPT, Cyber Essentials Plus, and ISO
  27001:2022.
• Risk Management
  :
  Lead the identification and mitigation of information security risks across all operations.
• Security Architecture
  :
  Oversee secure system and software design throughout the development lifecycle.
• Incident Response
  :
  Manage the full lifecycle of security incidents, including reporting to relevant authorities.
• Awareness & Training
  :
  Drive a strong security culture through staff training and awareness initiatives.
• Regulatory Compliance
  :
  Support ongoing compliance with UK and EU data protection laws and regulations.
• Leadership
  :
  Provide strategic leadership and mentorship within the governance, risk, and compliance team.
• Security Leadership
  :
  Senior-level experience in information security, ideally in a CISO or equivalent role within software or health tech.
• Healthcare Standards
  :
  Knowledge of UK healthcare security frameworks like DSPT, DTAC, and NCSC CAF.
• ISO 27001
  :
  Experience implementing and maintaining ISO 27001:2022-certified ISMS.
• Secure by Design
  :
  Deep understanding of secure SDLC and embedding security into product and system architecture.
• Risk Management
  :
  Expertise in building and managing security risk frameworks using methodologies like OCTAVE or FAIR.
• Incident Response
  :
  Hands-on experience leading incident response, including regulatory reporting and crisis management.
• Policy & Governance
  :
  Skilled in developing and enforcing comprehensive security policies and governance structures.
• Regulatory Compliance
  :
  Strong grasp of GDPR, the Data Protection Act, and NIS Directive within a health tech context.

If this sounds like an environment where you would excel, please send your CV and a covering letter outlining your suitability, salary requirements, and availability to

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Management and Quality Assurance
• Industries: Computer and Network Security

We’re unable to display the remaining content from the original listing and recommend reviewing the job posting on the employer site for any additional details.