Enable job alerts via email!

Lead Security Engineer

ZipRecruiter

London

On-site

GBP 90,000 - 100,000

Full time

4 days ago

Be an early applicant

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

A leading Health-Tech scale-up seeks an InfoSec / DevSecOps Engineering Lead in London. The role involves ensuring security, privacy, and compliance across the platform. Responsibilities include establishing security policies, leading compliance audits, and overseeing internal training. This key hire will have a significant impact in a rapidly evolving sector.

Qualifications

Minimum of 5 years’ experience in Security, Compliance, or DevSecOps roles ideally within health tech.
Strong expertise in ISO 27001, UK GDPR, and related frameworks.
Direct involvement with ISO audits and certification processes.

Responsibilities

Establish and enforce security and compliance policies across infrastructure and applications.
Create and manage a roadmap for achieving ISO 27001 certification.
Monitor and report on emerging security threats related to AI.

Skills

Security

Compliance

DevSecOps

Cloud Security

Tools

SIEMs

CSPM

Vulnerability Assessment Platforms

Job Description

InfoSec / DevSecOps Engineering Lead, London, £90,000 - £100,000

NearTech have partnered with an innovative and purpose-led Health-Tech scale up to find them an Info Sec / DevSecOps Engineering Lead. You will take ownership of security, privacy, and regulatory compliance across their platform and products. This role will work closely with engineering, product, and leadership teams to design and implement secure systems and maintain alignment with health tech regulations, including ISO 27001, UK GDPR, and frameworks relating to AI in healthcare and Software as a Medical Device (SaMD).

This is a key hire for an exciting Healthtech company where you will have a huge impact!

Key Responsibilities:

Establish and enforce security and compliance policies across infrastructure, applications, and operational workflows.
Create and manage a roadmap for achieving ISO 27001 certification; support additional standards such as Cyber Essentials Plus and NHS DSPT.
Lead internal compliance audits and facilitate preparations for external assessments.
Integrate security best practices throughout the software development lifecycle.
Collaborate closely with engineering teams to ensure secure system architecture (hosted on AWS) and deployment methods.
Monitor and report on emerging security threats related to AI, cloud technologies, and web infrastructure.
Oversee the creation and maintenance of policy documents, employee training, and incident response protocols.
Track relevant regulatory developments and ensure continuous compliance.
Serve as the central contact for all security and compliance issues.
Work in partnership with Legal and Operations teams to coordinate compliance initiatives.

Required Experience:

Minimum of 5 years’ experience in Security, Compliance, or DevSecOps roles (ideally within health tech or similarly regulated industries).
Strong expertise in ISO 27001, UK GDPR, and related industry frameworks.
Direct involvement with ISO audits and certification processes.
Solid knowledge of cloud environments, especially AWS, and web application security principles.
Familiarity with security tools such as SIEMs, CSPM solutions, and vulnerability assessment platforms.
Prior experience working with UK healthcare entities, including the NHS or private providers.

If you come from a Info Security / DevSecOps / Security Engineering background and excited by the prospect of working for a Health-Tech scale-up, please apply with a copy of your CV ASAP.

Get your free, confidential resume review.

or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.

Similar jobs