Head of Cyber Security and Information Governance
Omnigen Biodata is looking for a Head of Cyber Security and Information Governance
As we scale our Discover Me platform, we are now looking to hire a Head of Cyber Security and Information Governance. We will consider part-time or fractional positions. The ideal candidate will have a proven track record in developing strategic security initiatives, enforcing robust security policies and procedures, and leveraging technology to protect our information assets. The individual will play a fundamental role in leading and shaping our information security strategy and be responsible for establishing and maintaining a robust cybersecurity framework, staying ahead of emerging threats, and fostering a culture of security awareness throughout the company.
This is a hybrid role based at our Cambridge, UK office. We offer a competitive salary, flexible working and 27 days holiday per year plus bank holidays (pro rata for part-time positions) and other benefits.
Responsibilities
1. Develop, implement, and oversee the company's information security strategy, aligning it with business goals and industry best practices.
2. Create policies & standards across cyber security and information governance.
3. Identify, assess, and prioritise information security risks, and establish mitigation plans to safeguard critical assets.
4. Design and maintain a secure technology infrastructure, including cloud services and applications using AWS and Terraform Cloud, and end user device management.
5. Ensure compliance with relevant regulations, standards, and frameworks, such as GDPR, ISO 27001, Data Security Prevention Tool Kit and Cyber Essentials Plus.
6. Develop and implement an effective incident response plan to manage and mitigate cybersecurity incidents and breaches.
7. Educate and train employees at all levels to promote a security-conscious culture and empower them to recognize and respond to security threats.
8. Evaluate third-party vendors and partners for security risks and enforce appropriate security controls.
9. Lead security-related and information governance due diligence activities.
10. Conduct regular security assessments, threat modelling, penetration testing, and vulnerability assessments to identify and address weaknesses in cloud services and applications.
11. Act as security advisor to other areas of the business.
12. Lead and manage security audits, accreditations and assessments, including Cyber Essentials Plus, DSP and ISO 27001.
13. Work collaboratively with other company functions on a broad, mission-driven approach to information security.
14. Provide regular reports to executive leadership and the board of directors on the state of information security including all current security metrics, potential risks, and ongoing initiatives.
15. Receive alerts about security events and act on them, including handling false positives, escalation and reporting.
16. Resolve security incidents and provide a practical response as needed.
Skills and Experience
1. Industry-recognized certifications such as CISSP, CISM, CISA, or other relevant certifications are highly desirable.
2. Strong understanding of cybersecurity technologies, practices, and trends, including network security, encryption, identity and access management, and intrusion detection/prevention systems.
3. Excellent communication and interpersonal skills, with the ability to articulate complex technical concepts to non-technical stakeholders.
4. Proven experience in leading and managing a team of security professionals.
5. Demonstrated ability to think strategically and translate security requirements into business objectives.
6. Familiarity with health data and population research security and regulatory compliance.
7. Ability to work collaboratively with cross-functional teams and regulatory authorities.
8. High ethical standards and a commitment to maintaining confidentiality.
9. Demonstrable experience of AWS services and infrastructure including Terraform Cloud.
10. Use of the Azure framework for identity management, including single sign-on.
Seniority Level
Executive
Employment Type
Part-time
Job Function
Information Technology