Information Security Risk Manager

Information About This Job

Job Title: Information Security Risk Manager
Contract Type: Permanent
Location: City
Contact Name: Ben Cheema
Contact Email:
Job Published: almost 2 years ago

Job Description

Our client, a leading provider of healthcare solutions is seeking to appoint an InfoSec Risk manager to join their busy team in London.


About The Company

The firm is the leading provider of digital healthcare app solutions for doctors and patients. Over the years, the firm has built a number of systems for doctors in the NHS, most notably an OSS electronic patient records app for one of London's busiest hospitals. They are responsible for building patient record stores, terminology services, integration components, identity and access management services, managing the application lifecycle in a secure way, and wrangling tools to deal with all the compliance and documentation requirements that come with working in a highly regulated field.

The firm's latest project aims to break down the traditional barriers to entry for engineers in healthcare and leverages the power of the cloud for scale, cost and speed.

Infosec is at the heart of everything the firm does as a business. Their solutions will provide data storage service for engineers to store individually identifiable health data belonging to patients. This data is defined as sensitive personal data by European data protection law and must be protected with robust security controls. These controls will be part of a risk-based information security management system (ISMS) in compliance with ISO27001 that the firm operates to ensure the confidentiality, integrity and availability of patient data is safeguarded at all times. The ISMS will also provide a risk management framework that covers the entire information security management lifecycle - planning, implementation, monitoring and improvement/remediation.

Planning, implementing, operating and improving a wide-ranging ISMS is complex and requires significant expertise and investment. By doing this, and offering it as an important attribute of its platform services, the firm aims to significantly reduce its customers' compliance burden. Additionally, the firm has developed a documentation tool that provides both evidence of compliance for the platform and AWS cloud infrastructure services against various requirements (legal, regulatory, contractual), as well as pre-canned content that customers can use to bootstrap their own journey to compliance for the part of the technology stack they are producing.


Key Responsibilities

  • Provide comprehensive oversight of the organisation’s ISMS (this will be ISO27001-compliant), following the plan, do, check, act infosec management life cycle (all of these activities will require close collaboration with the Security Officer/CTO, Engineering Lead and Engineering manager):

    • Plan

      • Ownership and coordination of all risk assessment and risk treatment plan activities

      • Ensuring ISMS responsibilities are suitably allocated amongst the firm employees

    • Do

      • Oversight of implementation of all controls defined in the risk treatment plan

    • Check

      • Oversight of monitoring and measurement of implemented controls, as well as all internal audit activities

      • Reporting to management on results and recommendations of audit process

    • Act

      • Implementation of corrective / improvement plans

  • Resource planning for ISMS implementation and maintenance

  • Provide leadership and insight to the organisation on all matters related to ISMS compliance and infosec

  • Develop employee training materials and lead internal infosec awareness campaigns

  • Oversight of ISMS documentation creation and management lifecycle

  • Active involvement in documentation tool requirements setting and user feedback. Will be an active user of the tool to document requirements and establish traceability between infosec requirements and evidence of compliance with requirements.

  • Working with the engineering manager to ensure infosec best practice is embedded into the agile working practices of the engineering team, in a way that suits their preferences (this point is really important!)


Skills / Experience


  • Strong educational track record in the field of infosec, supported by appropriate industry qualifications, such as CISSP or CISM

  • A clear understanding of a range of international security and relevant compliance standards, primarily ISO27001 (and related 27000 standards, e.g. 27005 for infosec risk management), but also NIST, SANS Top 20 security controls, and data protection legislation

  • A detailed knowledge and understanding of risk management frameworks, and how they can be utilised to implement ISMSs like ISO27001.

  • Track record of successful ISMS accreditations against ISO27001 and other relevant standards

  • An ability to actively think about and contribute to the work of the engineers building tools to support your ISMS compliance workflow (this should make your life a lot easier!)

  • Ability to communicate and engage with various areas of the business, including senior stakeholders straddling clinical, technical and managerial domains


Desirable (though not essential)

  • Experience of implementing ISO27001 in a healthcare context, and a solid understanding of the peculiarities of working with individually identifiable health information

  • Knowledge of national legislation and regulation pertaining to individually identifiable health data

  • Knowledge of and experience with compliance with the HIPAA and HITRUST legislation and frameworks in the US

  • Knowledge of and experience with compliance with Medical Devices Regulation, and how this could be integrated into an overarching Risk management framework
