At a Glance
- Tasks: Lead security strategy and ensure the safety of sensitive healthcare data across our platform.
- Company: Join Doctify, a pioneering tech company transforming global healthcare.
- Benefits: Enjoy 28 days leave, hybrid working, and a supportive growth environment.
- Other info: Be part of a diverse team committed to innovation and inclusion.
- Why this job: Make a real impact in healthcare security while advancing your career.
- Qualifications: Proven experience in senior security roles, especially in SaaS or healthtech.
The predicted salary is between £60,000 and £80,000 per year.
Doctify is the global platform built by doctors for doctors, on a mission to build the largest, most trusted global network of validated healthcare providers and experts. We connect patients with the right doctors, and doctors with respected peers, to ensure better care worldwide. Through verified patient reviews and professional skill endorsements, Doctify creates unmatched credibility for providers and empowers patients to choose care with confidence.
Founded in 2015 and backed by $30m+ in funding, Doctify operates across 7 countries. We are uniting the global healthcare community, one trusted connection at a time. We do things differently here at Doctify; we are boldly leading a digital revolution in healthcare and are confident in our mission.
About The Role
Security is foundational to the trust that patients place in our platform and the confidence that healthcare providers invest in their professional reputations. We process sensitive healthcare data across seven countries, operate a complex cloud-native platform, and serve a rapidly growing community of patients and clinicians. Getting security right matters deeply.
We’ve built solid and safe foundations; our cloud infrastructure, identity management, and application security are genuinely secure. Now we’re looking for a Cyber Security Lead to own security across the organisation, close the gaps that remain, and set us on a clear trajectory toward best-in-class security posture. This role is for a hands-on leader with the vision and ambition to grow into a CISO as Doctify continues to scale.
You’ll work closely with the COO on operational security priorities, partner with the VP Engineering on technical architecture and DevSecOps, and engage the full business on security culture. Depending on your approach and the business’s needs, you may lead a small internal team (DevSecOps and/or IT/endpoint) and/or manage outsourced security partners.
You’ll be responsible for:
- Leadership and ownership of security strategy & roadmap: Owning and delivering a comprehensive, prioritised security plan; translating Doctify's risk profile into a clear programme of work that takes us from our current foundations towards best-in-class maturity, and reporting progress to executive and board level.
- Endpoint security & device management: Designing and implementing enterprise-grade endpoint protection across all corporate devices, including EDR, mobile device management, patch management, and device trust controls, and balancing security rigour with a practical, user-friendly approach.
- Security operations & visibility: Building out Doctify's security operations capability: integrating SIEM, centralising security event logging, and establishing an active security review process, whether through an internal function or a managed SOC partner.
- Cloud & platform security: Owning and continuously improving the security of our AWS and Google Workspace environments, applying CIS benchmarks and industry frameworks, and ensuring our cloud posture keeps pace with the platform's growth.
- Application & data security architecture: Partnering with the VP Engineering and engineering teams to embed security into the SDLC, from threat modelling and code review standards to secure data handling practices that protect the sensitive patient and clinician information we steward.
- Governance, risk & compliance: Maturing Doctify's security governance framework, maintaining Cyber Essentials certification, formalising risk management methodology, managing the risk register, and driving us towards ISO 27001 or equivalent.
- Identity & access management: Strengthening IAM across the organisation, improving SSO centralisation, access controls, and privileged access management to protect both internal systems and our patient and doctor-facing products.
- Security awareness & culture: Championing security across the whole business; designing and running training programmes, phishing simulations, and regular communications that build genuine security awareness and a culture of shared ownership.
- Incident response & business continuity: Owning Doctify's incident response capability; ensuring the organisation can detect, contain, and recover from security events effectively, with clear playbooks, tested procedures, and appropriate communication protocols.
- Vendor & third-party security: Defining and applying security requirements in supplier relationships, managing third-party risk, and overseeing the performance of any outsourced security functions.
- Patient & clinician data protection: Taking ownership of our obligations around the security of healthcare data and working in close partnership with our Trust and Legal functions on GDPR compliance, data handling standards, and our broader regulatory posture.
About you
- You have a strong track record in senior security roles, ideally at a SaaS, healthtech, or data-intensive scale-up, and you're ready for a step up into a role with full organisational ownership.
- You have broad technical depth across cloud security (AWS, Google Workspace), endpoint protection, application security, identity management, and security operations, and you're comfortable going deep where needed.
- You are ambitious and strategic: you think in roadmaps, not just tickets, and you have the vision and energy to build towards a CISO role as Doctify continues to grow.
- You are an exceptional communicator and able to translate complex, nuanced security challenges into clear language for a non-technical executive team, board, and wider business.
- You are hands-on and pragmatic, comfortable making sound, proportionate decisions at pace in a scale-up environment where priorities shift and resources require careful management.
- You are familiar with security frameworks and standards including Cyber Essentials, ISO 27001, CIS Benchmarks, NIST, and UK GDPR.
- Experience in a regulated environment, particularly one handling sensitive healthcare or personal health information, is a strong advantage.
- You are based in the UK and able to work from our London office on a hybrid basis.
- You are a natural leader and able to build, manage, and develop a small team and to hold outsourced partners to account, while remaining personally close to the work.
- You are genuinely passionate about protecting the patients and doctors who rely on Doctify, and you bring that purpose and care into how you approach the role every day.
What We Offer
- Time off, flexibility & balance: 28 days annual leave (25 + 3 between Christmas and New Year), earning up to 30 days leave with tenure; 2 weeks of remote working annually (within 3-hour time zone of HQ); Hybrid working model; Enhanced Parental Leave; Medicash health cash plan.
- Setting you up for success: Competitive, benchmarked compensation; 3-month immersive onboarding experience; Ongoing learning through expert-led sessions, leadership insights, and soft-skill development; Clear internal mobility pathways to accelerate your career.
- The uniquely Doctify experience: Daily team huddles to connect, share wins and spark ideas; Quarterly Doctifier nominated Impact Awards; Employee referral bonus: £700 (or local equivalent) per hire.
Our Commitment to DEIB
Diversity, equity, inclusion and belonging aren’t just values. They’re at the core of what makes us Uniquely Doctify. These principles shape how we work, how we build our teams, how we design our policies, and how we bring our mission to life.
As a global team, we know that diverse perspectives drive innovation and lead to better outcomes for patients, providers and each other. We’re committed to creating a fair, inclusive environment where everyone is heard, respected and empowered to thrive.
We want to ensure that everyone has an equitable and comfortable experience throughout our hiring process. If you require any adjustments, we’re happy to discuss how we can support you. You can contact us at hiring@doctify.com.
Cyber Security Lead in London employer: Doctify
At Doctify, we pride ourselves on being an exceptional employer that champions growth, flexibility, and wellbeing. Our vibrant work culture fosters collaboration and innovation, with a strong commitment to diversity, equity, inclusion, and belonging. As a Cyber Security Lead in our London office, you'll enjoy competitive compensation, a comprehensive onboarding experience, and clear pathways for career advancement, all while playing a crucial role in safeguarding the healthcare community we serve.
StudySmarter Expert Advice🤫
We think this is how you could land Cyber Security Lead in London
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Doctify, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Doctify
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Doctify. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
Some tips for your application 🫡
Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Doctify insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Doctify that you’re committed to staying ahead in the game.
How to prepare for a job interview at Doctify
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Doctify to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Doctify.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.