Security Risk and Assurance Manager at Our Future Health

  • London
  • fulltime

We are expanding our Security Team! Our Future Health are looking to recruit a Security Risk and Assurance Manager. This is a new opportunity where you’ll join the newly formed Security Team, reporting into our Director of Information Security. In this role, you’ll take the lead on security risk activities, managing our security risk register, and security assurance, which includes third party security assurance. If you have experience of the above and you’re looking to contribute to our mission, we’d like to see your application.

At Our Future Health, our mission is to transform the prevention, detection and treatment of conditions such as dementia, cancer, diabetes, heart disease and stroke. We’re looking for people to join us on our journey. If you’re looking for a new challenge where you can contribute to helping future generations live in good health for longer, then we’re keen to speak with you.

What you’ll be doing:

This role should help us mature our approach to security risk management and security assurance, including third party security assurance. In this role, you will be responsible for:

GRC

  • Manage our risk register, including ensuring risk mitigations are on track and risk acceptances are regularly reviewed
  • Conduct and support risk assessment and threat modelling activities
  • Maintain security policies and other key security documents
  • Support security governance activities
  • Monitor our security KPIs and Metrics and produce our monthly Security Reporting Pack
  • Drive compliance to our security framework
  • Assist our ‘Quality and Management Systems’ team with maintaining ISO 27001, Cyber Essentials Plus and other security certifications.

Assurance (inc. Third Party Assurance)

  • Manage the security assurance schedule.
  • Organise security tests and assurance activities, including tracking of the remediation of findings
  • Help define assurance activity scopes and ensure overall coverage of assurance work
  • Perform security assessments against industry standards, including against technical standards (e.g. NIST, CSA STAR)
  • Perform security assessments of non-technical aspects of security (e.g. assessing security culture through maturity assessments, phishing tests, etc.)
  • Conduct security due-diligence on third parties

General

  • Help drive employee security awareness
  • Support the InfoSec Director with various activities (e.g. defining a security strategy)
  • Support the wider InfoSec team with various activities (e.g. threat modelling, post-incident reviews, vulnerability triage)
  • Support non-security projects with following a DevSecOps approach, especially the security risk and security assurance aspects of such an approach

What you won’t be doing:

  • Working in a siloed environment with no freedom to make decisions.
  • Working in an environment where you can’t see the impact your expertise makes.

The environment

We’re an agile team who work in short, product focused development cycles, solving complex technology problems in collaboration with a ground-breaking team of Behavioural Scientists, Epidemiologists, Clinical Operations specialists, and Ethicists. We’ve come from start-ups, tech companies, universities, the NHS and health charities. Together we’re experienced in building and scaling big consumer products, working with different kinds of health data.

Requirements

We absolutely welcome applicants who don't think they meet all the criteria below or who have a non-traditional security background.

  • Experience of complex and technical security risk assessments
  • Experience organising and overseeing security assurance activities, including penetration tests
  • Experience conducting third party security assurance
  • Ideally have experience of threat modelling
  • Exposure to Agile working
  • Knowledge of ISO 27001 and other commonly used security standards
  • Understanding of modern cloud technologies
  • Desire to be part of a small fast-paced team
  • Relevant certifications, such as: ISO 27001 Lead Auditor/Implementor, CISM, CISA, CISSP

Benefits

  • Salary up to £65,000
  • Generous company pension package with employer contributions of up to 12%
  • 30 days annual leave (plus bank holidays).
  • Continuous career development with regular appraisals and learning and development opportunities.
  • A lovely new office in Holborn, Central London – we offer flexible and remote working arrangements.

Join us - let’s prevent disease together.
