Senior Information Security Specialist

About the role:

As the Senior Information Security Specialist you will be the cornerstone of our Governance Risk and Compliance (GRC) function. This pivotal role involves leading the development maintenance and continuous improvement of our Information Security Management System (ISMS). You will act as the primary subject matter expert for our entire security governance framework ensuring our policies standards and controls are robust auditable and effectively manage risk across the business.

What youll be doing:

Governance Risk & Compliance (GRC) Leadership

• Lead the development management and continuous improvement of the Information Security Management System (ISMS) aligning it with relevant frameworks and standards.
• Update and maintain the Information Security Risk Register facilitating risk assessments identifying treatment plans and reporting risk posture to stakeholders.
• Develop and oversee the internal security audit schedule coordinating technical control testing and compliance reviews to ensure effectiveness and identify areas for improvement.
• Act as the subject matter expert for data classification and data protection defining policies and guiding the business on correct data handling procedures.
• Lead the formal security response for client due diligence questionnaires (DDQs) and support the review of security clauses within commercial contracts.

Third-Party Risk Advisory & Business Engagement

• Manage the end to end third party risk management (TPRM) programme including supplier due diligence risk assessment and ongoing performance monitoring.
• Act as the primary point of contact for information security queries from the business providing expert guidance to both technical and non technical stakeholders.
• Translate complex technical and security risks into clear business-focused language and recommendations.
• Develop manage and deliver the security culture awareness and training programme across the organisation.

Incident Management Leadership & Capability Building

• Define maintain and improve the Incident Response call tree and incident communication roles and processes.
• Support and guide incident response activities from a governance risk and communications perspective ensuring roles responsibilities and escalation paths are clear and effective.
• Provide security leadership coaching and mentoring to junior members of the security team and guidance to wider technical and non-technical staff.
• Act as a trusted authority on GRC matters helping to drive a strong and sustainable security culture across the business.

Who you are:

• Demonstrable experience in two or more major information security domains with strong focus on Governance Risk and Compliance (GRC).
• Proven experience designing implementing and operating an ISMS aligned to recognised frameworks (e.g. ISO 27001 NIST etc.).
• Strong experience in risk management audit compliance and third-party risk management.
• Experience handling client security questionnaires (DDQs) and reviewing security-related contractual requirements.
• Experience supporting or governing incident response including escalation models call trees and communication structures.

Core Skills:

• Excellent written and verbal communication skills with the ability to explain complex security topics in clear business terms.
• Strong planning organisation and documentation skills.
• Stakeholder management across technical and non-technical audiences.
• Risk assessment control design and policy/standard development.
• Coaching mentoring and influencing skills.

Competencies:

• Trusted advisor mindset with strong professional judgement.
• High attention to detail with a pragmatic risk based approach.
• Confident decision-maker who can balance security business needs and delivery.
• Collaborative proactive and comfortable operating with autonomy.
• Committed to continuous improvement and raising organisational security maturity.

Why work with us

At HeliosX we want to improve healthcare for everyone and to do this we need a team of brilliant people who share that ambition. We are currently a diverse team of engineers scientists clinical researchers physicians pharmacists marketeers and customer care specialists committed to our mission - but we need more talented folks to join us if we want to achieve our global ambitions!

Aside from working with our all-star team here are the other benefits of coming on board:

• Generous equity allocations with significant upside potential
• 25 Days Holiday ( all the usual Bank Holidays)
• Private health insurance along with extra dental and eye care cover
• Employee Pension with Smart Pension
• Enhanced parental leave
• Cycle-to-work Scheme
• Electric Car Scheme
• Free Dermatica and MedExpress products every month as well as family discounts
• Home office allowance
• Access to a Headspace subscription discounted gym memberships and a learning and development budget (alongside a free Kindle and audible subscription)

#LI-Senior

#LI-Hybrid