Security Risk and Assurance Manager at Our Future Health
London, United Kingdom
Job Description
We are expanding our Security Team! Our Future Health are looking to recruit a Security Risk and Assurance Manager. This is a new opportunity where you’ll join the newly formed Security Team, reporting into our Director of Information Security. In this role, you’ll take the lead on security risk activities, managing our security risk register and security assurance, including third party security assurance. If you have experience of the above and you’re looking to contribute to our mission, we’d like to see your application.
At Our Future Health, our mission is to transform the prevention, detection and treatment of conditions such as dementia, cancer, diabetes, heart disease and stroke. We’re looking for people to join us on our journey. If you’re looking for a new challenge where you can contribute to helping future generations live in good health for longer, then we’re keen to speak with you.
What you’ll be doing:
This role should help us mature our approach to security risk management and security assurance, including third party security assurance. In this role, you will be responsible for:
GRC
Manage our risk register, including ensuring risk mitigations are on track and risk acceptances are regularly reviewed
Conduct and support risk assessment and threat modelling activities
Maintain security policies and other key security documents
Support security governance activities
Monitor our security KPIs and Metrics and produce our monthly Security Reporting Pack
Drive compliance to our security framework
Assist our ‘Quality and Management Systems’ team with maintaining ISO 27001, Cyber Essentials Plus and other security certifications.
Assurance (inc. Third Party Assurance)
Manage the security assurance schedule.
Organise security tests and assurance activities, including tracking of the remediation of findings
Help define assurance activity scopes and ensure overall coverage of assurance work
Perform security assessments against industry standards, including against technical standards (e.g. NIST, CSA STAR)
Perform security assessments of non-technical aspects of security (e.g. assessing security culture through maturity assessments, phishing tests, etc.)
Conduct security due-diligence on third parties
General
Help drive employee security awareness
Support the InfoSec Director with various activities (e.g. defining a security strategy)
Support the wider InfoSec team with various activities (e.g. threat modelling, post-incident reviews, vulnerability triage)
Support non-security projects in following a DevSecOps approach, especially the security risk and security assurance aspects of such an approach
What you won’t be doing:
Working in a siloed environment with no freedom to make decisions.
Working in an environment where you can’t see the impact your expertise makes.
The environment
We’re an agile team who work in short, product focused development cycles, solving complex technology problems in collaboration with a ground-breaking team of Behavioural Scientists, Epidemiologists, Clinical Operations specialists, and Ethicists. We’ve come from start-ups, tech companies, universities, the NHS and health charities. Together we’re experienced in building and scaling big consumer products, working with different kinds of health data.
Requirements
We absolutely welcome applicants who don't think they meet all the criteria below or who have a non-traditional security background.
Experience of complex and technical security risk assessments
Experience organising and overseeing security assurance activities, including penetration tests
Experience conducting third party security assurance
Ideally have experience of threat modelling
Exposure to Agile working
Knowledge of ISO 27001 and other commonly used security standards
Understanding of modern cloud technologies
Desire to be part of a small fast-paced team
Relevant certifications, such as: ISO 27001 Lead Auditor/Implementer, CISM, CISA, CISSP
Benefits
Salary up to £65,000
Generous company pension package with employer contributions of up to 12%
30 days annual leave (plus bank holidays).
Continuous career development with regular appraisals and learning and development opportunities.
A lovely new office in Holborn, Central London – we offer flexible and remote working arrangements.
Join us - let’s prevent disease together.
We will be closing applications for this role on Friday 15th of December 2023.