About us: Spectrum.Life is a whole-of-health digital partner that guides organisations and their people to thrive, delivering clinically backed digital health, mental health and wellbeing solutions. Our HealthTech delivers digital transformation for Insurers, Educators and Employers through Co-creation or seamlessly integrated out-of-the-box solutions, that decrease digital fragmentation and engage, empower, and transform their people’s lives. Established in 2018 by Stuart McGoldrick and Stephen Costello, Spectrum.Life provides services internationally to over 7.2m insurance members, 3,000 corporate clients, 60 universities and 650,000 university students. Spectrum.Life currently employs over 260 people, including over 125 clinicians. Our vision is to change and save as many lives as possible. Role Brief: As the Security & Privacy Manager, you will be responsible for implementing and evolving Spectrum.Life’s cybersecurity and privacy frameworks. You’ll work closely with internal teams and manage relationships with third-party consultants to enhance our defences, align with business objectives, and ensure compliance with data protection regulations. This role requires a well-rounded security professional with both in-depth cybersecurity knowledge and experience in data privacy. Responsibilities: Cybersecurity Strategy and Implementation Lead the development, deployment, and management of Spectrum.Life’s cybersecurity strategy to protect our systems and sensitive information. Work with external consultants to conduct risk assessments, penetration tests, and security audits, ensuring any identified vulnerabilities are addressed. Establish robust security protocols and procedures, implementing measures to prevent unauthorised access, data breaches, and other security incidents. Collaborate with the engineering and product teams to embed security best practices into the software development lifecycle (SDLC) and cloud infrastructure. Develop incident response plans, lead investigations in case of a security incident, and coordinate with third parties for a rapid and effective response. Privacy and Data Protection Compliance Oversee Spectrum.Life’s data protection framework, ensuring strict adherence to GDPR, ePrivacy, and other relevant data protection laws. Manage and regularly review privacy policies, data processing agreements, and data retention practices to ensure they align with regulatory requirements. Conduct data protection impact assessments (DPIAs) on new projects and services, collaborating with external privacy consultants where needed. Ensure privacy-by-design is embedded into product development and service delivery, working with internal and external teams to maintain compliance. Third-Party Management and Collaboration Build and maintain strong working relationships with third-party cybersecurity and privacy consultants, leveraging their expertise to enhance Spectrum.Life’s security posture. Oversee the selection, onboarding, and ongoing management of third-party vendors, ensuring they meet Spectrum.Life’s security and privacy standards. Collaborate with external auditors and assessors to ensure consistent compliance and best practices are maintained across all third-party interactions. Manage contractual obligations with vendors to align with cybersecurity and privacy needs, monitoring SLAs and KPIs to ensure performance aligns with business objectives. Risk Management and Compliance Oversight Lead risk assessments, identifying and prioritising cybersecurity and data privacy risks, and implementing mitigation strategies. Ensure compliance with security frameworks and standards such as ISO 27001, NIST, and industry-specific regulations to maintain certifications and compliance. Develop and maintain documentation on cybersecurity policies, data protection practices, risk assessments, and incident response procedures. Cybersecurity Training and Awareness Develop and conduct security awareness training across the organisation, educating employees on secure data handling, cybersecurity threats, and privacy regulations. Foster a culture of security awareness and vigilance, ensuring all staff understand their role in protecting the organisation and its users. Reporting and Business Alignment Regularly report to senior management on the status of security and privacy initiatives, risk levels, and incident resolutions. Generate actionable insights and present findings in a way that aligns with business goals, highlighting the impact of cybersecurity and privacy on business growth and user trust. Provide updates on regulatory changes, security risks, and recommended actions to ensure Spectrum.Life remains proactive in its security and privacy efforts. Requirements: Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. A master’s degree or advanced certification in cybersecurity or data privacy is a plus. Experience: Minimum of 5 years of experience in cybersecurity and data privacy roles, with a track record of successfully working with external consultants and vendors to manage and strengthen security. Certifications: Relevant certifications such as CISSP, CISM, CIPP/E, CIPT, or ISO 27001 Lead Implementer are highly desirable. Technical Proficiency in Cybersecurity: Strong technical knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001), network and application security, and incident response best practices. Data Privacy Expertise: Deep understanding of GDPR, ePrivacy, and other data protection laws, with experience in implementing privacy-by-design. Vendor Management and Collaboration: Experience in managing third-party security and privacy consultants, overseeing vendor assessments, and negotiating service levels to align with business goals. Business and Risk Management Acumen: Proven ability to balance security and privacy objectives with business goals, identifying risk mitigation strategies that align with operational needs. Analytical and Problem-Solving Skills: Ability to assess complex security risks and data privacy issues and make data-driven recommendations that support business objectives. Communication Skills: Strong written and verbal communication skills, with the ability to translate complex cybersecurity issues into clear, actionable insights for non-technical stakeholders. Desirable: Health or SaaS Industry: Experience working in healthcare, SaaS, or another highly regulated industry. Cloud Security Knowledge: Proficiency with cloud security practices, particularly with providers such as AWS and Azure. What are the benefits of working at SPECTRUM.LIFE? Full time permanent contract Competitive salary (Dependent on experience). In-office, remote or hybrid working options 25 days annual leave Opportunities for professional growth and career advancement Flexible work arrangements 24/7 EAP and a wide range of health and wellbeing supports Extensive list of employee perks and benefits https://app.box.com/s/6wwkvowbev6cn7tlvq9yz32amnpmnvcl