Information Security & Governance Officer

Location: London

The business is expanding to meet the needs of the global healthcare market, with the regulatory and clinical strategy as the core component.

We are pursuing market approval in multiple regions, and to that end have a strong internal focus on Quality, Information Security and Information Governance within the business. Effective Information Security controls are vital in an industry dealing with sensitive health data and novel technology; effective information governance processes (including compliance with applicable data protection laws and regulations) are integral to ensuring smooth market access in the regions in which we operate.

Responsibilities

  • Day-to-day management of the ISO 27001 Information Security Management System (ISMS)
  • Execute on the IG & IS plan, with activities ranging from documenting procedures and internal audit to motivational and promotional activities expounding the value of information security and good governance
  • Lead on the operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies/procedures and with applicable laws and regulations
  • Work with representatives from customers and suppliers to complete Data Protection Impact Assessments and establish Data Sharing Agreements
  • Liaise with and offer direction to related governance functions (such as Physical Security, Risk Management, IT, HR, etc.) as necessary on information security matters, including routine security control activities and review of emerging security risks and related control technologies
  • Contribute to the development of internal Information Security/Governance policies, processes, procedures, work instructions & workflows
  • Lead on activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant internal business functions and third parties
  • Lead on GDPR, HIPAA and other regional compliance requirements
  • Lead on annual NHS DSP Toolkit submissions
  • Coordinate HITRUST certification activities
  • Work with the Operations Team to ensure effective systems and network monitoring/management
  • Assist in some QMS maintenance activities as required

Essential

  • Expert level ISO 27001 ISMS management & administration experience
  • Expert level knowledge of ISO 27001 Annex A controls
  • Intermediate to expert level knowledge of the GDPR
  • Intermediate to expert level knowledge of HIPAA
  • Expert knowledge of general information security & governance principles
  • Previous experience of carrying out ISO 27001 internal audits
  • Beginner to intermediate level technical knowledge of network and desktop/server operating systems
  • Beginner to intermediate level technical knowledge of current network hardware, protocols, and standards
  • Expert knowledge of systems access control principles
  • Intermediate level knowledge of cyber security risks and principles
  • Intermediate level knowledge of business continuity planning
  • Intermediate knowledge of systems hardening principles
  • Intermediate knowledge of vulnerability management technologies
  • Intermediate knowledge of change management principles
  • Beginner knowledge of logging and monitoring technologies

Nice to have

  • Previous experience of working with NHS organisations
  • Previous experience working in the Medical Devices industry
  • Previous experience of implementing centralised control and management of both desktop and server endpoints
  • Expert level Cyber Security knowledge with experience of penetration testing
  • Previous experience of project management
  • Previous experience of HITRUST implementation

A full job description is available on request. Please click the "Contact Us" button to enquire about this role.