Head of Information Security

Job Title: Head of Information Security

Reporting To: Chief Technology Officer

Location: Bournemouth / Hybrid Working

Salary: Competitive

Job Type: Full Time 37.5 hours a week

Our Purpose

Nourish Care is the UK market leader in digital social care planning. Our SaaS platform empowers care providers to deliver more transparent coordinated and person-centred care. With thousands of care services already using our product we are scaling fast and aiming even higher our mission is simple: better care for all.

About the Job

Were looking for an experienced Head of Information Security to lead and scale Nourishs security strategy in a fast-paced cloud-native multi-product SaaS environment. Youll be responsible for safeguarding the confidentiality integrity and availability of customer and business data and for embedding security into everything from DevSecOps pipelines to our commercial practices.

Youll play a pivotal role in meeting the expectations of enterprise customers regulators and auditors alike guiding the business through certifications like ISO 27001 Cyber Essentials Plus and SOC 2 while partnering with engineering and product teams to ensure security is treated as a product feature not a compliance tick-box.

Key Responsibilities

Strategic Leadership

• Develop and own Nourishs SaaS security roadmap aligned with growth architecture evolution and compliance needs
• Act as the subject matter expert on all things security internally and externally (customers partners prospects auditors)
• Support Sales and Customer Successin security assurance and due diligence processes (e.g. RFPs InfoSec questionnaires)
• Own Nourishs external security posture including input to Trust Centre whitepapers and customer-facing documentation

• Champion secure-by-design principles across the software development lifecycle
• Own DevSecOps processes: shift-left security secrets management CI/CD hardening container security vulnerability scanning
• Collaborate with Product and Engineering teams on threat modelling penetration testing and remediation efforts
• Select implement and manage key SaaS security tooling (e.g. SAST/DAST SIEM CSPM endpoint protection IAM)
• Ensure alignment with cloud-native architecture and tooling (we primarily use AWS GitHub Actions and Terraform)

Compliance & Assurance

• Lead ongoing readiness and evidence for ISO 27001 SOC 2 Type I & II and Cyber Essentials Plus
• Maintain and evolve the ISMS in line with business growth and operational maturity
• Maintain the security risk register treatment plans and internal audit programme
• Collaborate with Compliance and DPO on data protection alignment (e.g. DPIAs vendor risk breach response)

Operational Security

• Own incident response procedures including tabletop exercises and post-mortems
• Oversee endpoint and cloud security tooling logging and alerting (in collaboration with DevOps/IT)
• Manage business continuity and disaster recovery processes from a security perspective

Culture & Governance

• Deliver internal training and awareness programmes across the business
• Lead monthly security KPIs and reports into SMT and governance forums
• Monitor emerging threats SaaS-specific security risks and evolving regulation to inform strategy
• Drive a strong security culture across the business through storytelling education and leadership

Key Deliverables

• Successful recertification of ISO 27001 and Cyber Essentials Plus
• SOC 2 Type I and II: audit readiness gap closure and ongoing assurance
• Up-to-date ISMS documentation and live security risk register
• Completion of security training for >95% of staff within policy windows
• Continuous improvement in internal vulnerability management and response SLAs
• Measurable maturity improvements in DevSecOps and SaaS infrastructure controls
• Demonstrated impact on commercial outcomes via faster security assurance for enterprise deals

Your Background

• Proven experience leading security in a B2B SaaS company ideally in healthtech govtech or another regulated vertical
• Deep understanding of cloud-native architecture (AWS preferred) and SaaS security challenges (multi-tenancy authN/Z data segregation)
• Hands-on familiarity with common tools across the security stack (e.g. Terraform GitHub Actions Datadog Snyk AWS Config CrowdStrike)
• Experience managing ISO 27001 SOC 2 or equivalent frameworks in production environments
• Strong communicator who can balance risk with pragmatism and align security priorities with business goals
• Experience scaling security capabilities alongside company growth and product maturity

Nourish Benefits:

• 25 Days paid leave Plus Public holidays
• Additional incremental leave for length of service up to 5 days.
• Private Medical Insurance including a personal health plan
• Group Life Assurance
• Employee Referral Bonus Scheme
• Enhanced Maternity leave
• Pension Contribution
• Employee Assistance Programme
• Birthday Day off
• and many more.....

All positions at Nourish are subject to a satisfactory Enhanced Disclosure and Barring Service check references and receipt of the appropriate Right to Work documents. Nourish is proud to be an equal opportunities employer and we actively seek and embrace differences in thinking experience ethnicity age gender faith personalities and styles.

The different skills experiences and backgrounds our employees bring to their roles creates a diverse and makes Nourish a special place to work.