Information Security Lead

London | Full-Time | 60000 - 84000 £ / year (est.) | Home office (partial)

At a Glance

  • Tasks: Lead security and compliance for a health tech startup, ensuring safety and privacy.
  • Company: Join a mission-driven health tech startup transforming mental health access with innovative technology.
  • Benefits: Enjoy private medical insurance, gym support, flexible work culture, and 28 days off.
  • Why this job: Be part of a dynamic team making a real impact in mental health through tech.
  • Qualifications: 5+ years in info security, knowledge of ISO 27001, and experience in regulated environments required.
  • Other info: Hybrid working in London with a focus on innovation and collaboration.

The predicted salary is between 60000 - 84000 £ per year.

Salary: up to £100,000 + benefits

Location: London (Hybrid)

I’m hiring for a standout InfoSec Lead to join one of the UK’s most ambitious health tech startups. This is a company on a mission, combining clinical expertise with smart tech to shake up how people access mental health support. They need someone sharp, hands-on, and forward-thinking to take charge of security, privacy, and compliance as they scale.

What You’ll Do

  • Define and implement security and compliance policies and controls across infrastructure, applications, and internal systems.
  • Lead the development and execution of the roadmap toward ISO 27001 certification and other key compliance frameworks.
  • Collaborate with external stakeholders and customers to support security-related queries and onboarding.
  • Drive internal audits and prepare documentation for external assessments.
  • Work with engineering leadership to integrate security best practices into the SDLC, CI/CD, and cloud infrastructure.
  • Guide secure architectural decisions and deployment processes.
  • Maintain and evolve security training, policy documentation, and incident response plans.
  • Monitor the regulatory landscape to ensure compliance with UK health data and AI-in-health tech regulations.

Your Experience

  • 5+ years of experience in information security and compliance, ideally in regulated environments such as health tech.
  • Deep knowledge of ISO 27001, UK GDPR, and industry best practices.
  • Proven experience preparing for and leading ISO or similar audits.
  • Solid understanding of AWS / Azure / GCP cloud security and web application security principles.
  • Strong communication and documentation skills.
  • Experience with tools like SIEM, CSPM, vulnerability scanners, and monitoring platforms.

Nice to Have

  • Experience working in or with UK healthcare organisations (e.g., NHS or private providers).
  • CISSP, CISM, or ISO 27001 Lead Implementer.
  • Exposure to agile environments or health tech startups.

Perks & Benefits

  • Private medical insurance
  • Gym membership support
  • Workplace pension
  • 25 days annual leave + 3 "breather" days
  • Flexible work culture

Contact Detail:

Formula Recruitment Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Information Security Lead

✨Tip Number 1

Familiarise yourself with ISO 27001 and UK GDPR regulations, as these are crucial for the role. Being able to discuss specific compliance frameworks and how you've implemented them in past roles will set you apart.

✨Tip Number 2

Showcase your hands-on experience with cloud security, particularly with AWS, Azure, or GCP. Be prepared to discuss how you've integrated security best practices into development processes in previous positions.

✨Tip Number 3

Highlight any experience you have working with healthcare organisations, especially if you've dealt with sensitive data. This will demonstrate your understanding of the unique challenges in the health tech sector.

✨Tip Number 4

Prepare to discuss your approach to security training and incident response plans. Being able to articulate how you've maintained security awareness within teams will show your leadership capabilities.

We think you need these skills to ace Information Security Lead

Information Security Management
ISO 27001 Implementation
UK GDPR Compliance
Cloud Security (AWS, Azure, GCP)
Web Application Security Principles
Security Policy Development
Incident Response Planning
Risk Assessment and Management
Audit Preparation and Execution
Stakeholder Engagement
Security Training Development
Documentation Skills
Vulnerability Management
Regulatory Compliance Monitoring
Communication Skills

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in information security, particularly in health tech or regulated environments. Emphasise your knowledge of ISO 27001 and UK GDPR, as well as any specific tools you've used.

Craft a Compelling Cover Letter: Write a cover letter that showcases your passion for health tech and your understanding of the company's mission. Mention how your skills align with their needs, especially in security, privacy, and compliance.

Showcase Relevant Projects: If you have led projects related to security audits or compliance frameworks, include these in your application. Detail your role and the outcomes to demonstrate your hands-on experience.

Highlight Communication Skills: Since strong communication is key for this role, provide examples in your application where you've successfully collaborated with stakeholders or led training sessions on security best practices.

How to prepare for a job interview at Formula Recruitment

✨Showcase Your Technical Expertise

Make sure to highlight your deep knowledge of ISO 27001, UK GDPR, and cloud security principles during the interview. Be prepared to discuss specific examples from your past experience that demonstrate your ability to implement security policies and controls effectively.

✨Prepare for Compliance Questions

Since this role involves compliance with various regulations, brush up on your understanding of health data regulations and how they apply to tech. Expect questions about your experience with audits and how you've prepared for them in the past.

✨Demonstrate Strong Communication Skills

As an InfoSec Lead, you'll need to collaborate with various stakeholders. Practice articulating complex security concepts in a way that's easy to understand. This will show your potential employer that you can effectively communicate with both technical and non-technical teams.

✨Discuss Your Leadership Style

Be ready to talk about your approach to leading security initiatives and training within a team. Share examples of how you've guided secure architectural decisions and integrated security best practices into development processes, as this is crucial for the role.
