Head of Information Security

Posted 16 September 2022
Salary: Market related
Job type: Permanent
Discipline: Digital Innovation, Office jobs
Contact: Sian Heard

Job description

Will you be the Head of Information Security who makes a difference? Join us to set up the department that will raise the bar in protecting our business and help give Britain the care service it deserves.  Remote/Work from home. Core working hours are Monday to Friday 9:00 – 5:30 (37.5 hours per week).

What we’re offering

  • Flexible working. Home Based with access to work in our office in central London for team meetings on an ad-hoc basis 
  • Company Performance Bonus up to 10% of your salary 
  • 28 days annual leave including Bank Holidays, increasing to 33 days after 12 months' service. A further 5 days of annual leave can be earned through length of service.
  • Subscription to online learning platform O’Reilly 
  • Hackathon days and personal development days 
  • Perks at Work and Medicash schemes giving you access to a 24/7 Employee Assistance Programme, cash back on a range of services including optical, dental and physio as well as exclusive employee pricing and discounts 
  • BUPA Private Medical Cover, a scheme that you will be asked if you wish to opt into 
  • Employer pension contributions of 3% of eligible earnings
  • MacBook & IT kit

The difference we can make together

These are no ordinary times for Newcross as a business - join us on a journey of process change & innovation as we transform into a technology company, while keeping people at the heart of every decision. Our mission is to become the world’s leading provider of healthcare services by creating a platform that connects healthcare workers directly to those in need of healthcare services. Our Massive Transformational Purpose is underpinned by the motto - “Systemise the transactional, so we can humanise the exceptional”.

The difference you can make as Head of Information Security 

We are looking for a Head of Information Security ready to step up for the next challenge to help bridge IT security with healthcare regulation. You will be reporting directly to the CTO and will initially need to be hands-on while building the department over the next two years. As an innovator in cyber security, it is key that you are able to scale your knowledge by creating repeatable, documented security transformation processes that others across the business can implement and replicate.

What you’ll be doing  

  • You will ultimately be building our CISO structure within 2 years whilst being hands-on
  • You’ll be responsible for building an integrated Privacy, Security and Governance capability within the organisation
  • You’ll work closely with business and technology teams to communicate the Info Sec governance programme, identifying risks and threats, evaluating and helping implement controls and improvements whilst attracting, retaining & coaching/mentoring high-performing Info Sec talent.
  • You’ll challenge the status quo by incorporating the latest market developments/best practices and bring outside knowledge into the organisation 
  • You’ll facilitate periodic security testing activities (e.g. penetration testing, DR exercises) and prioritise and manage response activities 
  • You’ll improve and support relevant security metrics; analyse data, identify trends and drive improvements to the control environment whilst collaborating with in-house specialists across various functions

The skills that make you different

  • Demonstrated experience in a senior-level Info Sec role
  • Good balance of technical, management and policy hands-on experience
  • Passionate about building a strong Info Sec culture
  • Experience in aligning Info Sec controls to regulatory obligations (GDPR, HIPAA) 
  • Demonstrated ability to translate security requirements and standards into easily understood business concepts and vice versa 
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, SOC2 and relevant industry certifications.