Information Security Lead

CareADHD
Charing Cross, United Kingdom
7 days ago

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior
Compensation: £ 65K

Job location

Charing Cross, United Kingdom

Tech stack

API
Artificial Intelligence
Amazon Web Services (AWS)
Azure
Cloud Computing Security
Computer Security
Information Engineering
Data Retention
Data Security
Data Systems
Identity and Access Management
Systems Development Life Cycle
Security Information and Event Management
Software Vulnerability Management
Data Classification
Data Management
Data Pipelines
DevSecOps
Static Application Security Testing
Dynamic Application Security Testing

Job description

We're looking for an Information Security Lead who will own security strategy, delivery, and operational assurance across internal products, platforms, and data systems. Reporting directly to the CTO, this role combines hands-on technical leadership with people management, working closely with engineering, product, and data teams to ensure systems are secure, resilient, and compliant by design.

Security Strategy & Leadership

  • Define, own, and evolve the organisation's information security strategy and roadmap.
  • Partner with the CTO on security risk management, prioritisation, and investment decisions.
  • Act as the primary security authority for internal platforms and products.
  • Champion security-by-design and DevSecOps principles across engineering and data teams.

Team Management

  • Line-manage one security engineer, providing coaching, mentoring, and performance management.
  • Support professional development, skills growth, and career progression.
  • Build and promote a strong security culture across the wider technology organisation.

Internal Product Testing & Support

  • Own and continuously improve security testing practices for internal products and platforms.
  • Embed security testing into QA and release pipelines, including:
      • Static and dynamic application security testing (SAST/DAST)
      • Dependency and supply-chain scanning
      • Vulnerability and configuration assessments
  • Partner with engineering teams to ensure internal tools and platforms meet defined security and operational standards prior to release.
  • Act as a senior escalation point for security-related production issues.
  • Lead root-cause analysis and remediation of security incidents impacting internal systems.

Data Platform & Data Security

  • Lead security design and governance for data platforms, including data pipelines, lakes, warehouses, and analytics tooling.
  • Define and enforce data security controls, including:
      • Data classification and handling standards
      • Encryption at rest and in transit
      • Identity and access management (IAM) and least-privilege access models
      • Secure data sharing and API access
  • Partner with data engineering teams to embed security controls across ingestion, processing, storage, and consumption layers.
  • Ensure GDPR and data protection compliance, including data retention, deletion, auditability, and breach response.
  • Support the secure enablement of analytics, BI, and AI/ML workloads, balancing accessibility with privacy and risk management.

Governance, Risk & Compliance

  • Define and maintain security policies, standards, and procedures aligned with frameworks such as ISO 27001, NIST, and GDPR.
  • Lead vulnerability management, threat modelling, and risk assessments.
  • Own incident response processes and post-incident reviews.
  • Prepare for internal and external audits and coordinate with third-party security partners where required.
  • Track and report security risks, KPIs, and maturity metrics to senior leadership.

Requirements

Do you have experience in SIEM?

  • 5+ years' experience in information security or cybersecurity roles.
  • Experience operating in a senior or lead capacity.
  • Proven experience managing or mentoring engineers.
  • Strong knowledge of:
      • Secure SDLC and DevSecOps practices
      • Cloud security (AWS, Azure, or GCP)
      • Identity and access management
      • Data security and privacy principles
  • Comfortable working hands-on when required, while also operating at a strategic level.
  • Excellent communication skills with both technical and non-technical stakeholders.

Desirable

  • Experience securing data platforms, analytics environments, or AI/ML workloads.
  • Familiarity with SIEM, EDR, vulnerability management, and cloud security tooling.
  • Experience preparing organisations for security or compliance audits.
  • Relevant certifications (e.g. CISSP, CISM, CCSP, ISO 27001 Lead Implementer).

Benefits & conditions

  • Competitive salary of £55,000 - £65,000
  • Work from our Canary Wharf office, or Hybrid with remote days in the UK.
  • 33 days holiday (includes UK public holidays)
  • Team get-togethers
  • A paid day off on your birthday
  • Office equipment when you join
  • Pension contribution
  • Be part of one of the UK's most ambitious HealthTech start-ups

Our Hiring Process

We aim to make our hiring process as streamlined as possible.

All shortlisted candidates will be invited to a Talent Call with one of our Talent Acquisition Specialists, with successful candidates having a second-stage interview and skills-based assessment with our CTO.

About the company

Join Us at The Centre for ADHD Research and Excellence: Shaping the Future of Accessible Healthcare

At CARE ADHD, we're revolutionising private healthcare by making ADHD assessments and treatment more affordable and accessible to those who need it. Our client-centred approach, combined with lean methodology and a focus on continuous improvement, drives our commitment to excellence. We embrace an innovative mindset, encouraging rapid learning and adaptation through our 'fail fast' ethos. With ambitious plans to become the largest ADHD service provider outside the NHS within the next five years, we are committed to pushing boundaries and fostering innovation.

If you require alternative methods of application or screening, you must approach the employer directly to request this as Indeed is not responsible for the employer's application process.
