Lead Security Engineer

Social network you want to login/join with:

NearTech have partnered with an innovative and purpose-led Health-Tech scale up to find them an Info Sec / DevSecOps Engineering Lead. You will take ownership of security, privacy, and regulatory compliance across their platform and products. This role will work closely with engineering, product, and leadership teams to design and implement secure systems and maintain alignment with health tech regulations, including ISO 27001, UK GDPR, and frameworks relating to AI in healthcare and Software as a Medical Device (SaMD).

This is a key hire for an exciting Healthtech company where you will have a huge impact!

Key Responsibilities:

• Establish and enforce security and compliance policies across infrastructure, applications, and operational workflows.
• Create and manage a roadmap for achieving ISO 27001 certification; support additional standards such as Cyber Essentials Plus and NHS DSPT.
• Lead internal compliance audits and facilitate preparations for external assessments.
• Integrate security best practices throughout the software development lifecycle.
• Collaborate closely with engineering teams to ensure secure system architecture (hosted on AWS) and deployment methods.
• Monitor and report on emerging security threats related to AI, cloud technologies, and web infrastructure.
• Oversee the creation and maintenance of policy documents, employee training, and incident response protocols.
• Track relevant regulatory developments and ensure continuous compliance.
• Serve as the central contact for all security and compliance issues.
• Work in partnership with Legal and Operations teams to coordinate compliance initiatives.

Required Experience:

• Minimum of 5 years’ experience in Security, Compliance, or DevSecOps roles (ideally within health tech or similarly regulated industries).
• Strong expertise in ISO 27001, UK GDPR, and related industry frameworks.
• Direct involvement with ISO audits and certification processes.
• Solid knowledge of cloud environments, especially AWS, and web application security principles.
• Familiarity with security tools such as SIEMs, CSPM solutions, and vulnerability assessment platforms.
• Prior experience working with UK healthcare entities, including the NHS or private providers.

If you come from a Info Security / DevSecOps / Security Engineering background and excited by the prospect of working for a Health-Tech scale-up, please apply with a copy of your CV ASAP.