Senior Information Security Specialist

About HeliosX

Ready to revolutionise healthcare, making it faster and more accessible than ever before? Founded in 2013 by Dwayne D’Souza, HeliosX was built on a simple but powerful idea: healthcare should be easier to access, faster to receive, and centred around the individual. From day one, we’ve grown without external funding; scaling profitably through technology, disciplined execution, and deep medical expertise. What started as a challenger idea has become one of the most significant healthcare platforms operating globally today.

Where we are now: We’ve earned the trust of millions of people worldwide through category-leading products and well-known brands, including MedExpress, Dermatica, ZipHealth, RocketRX, and Levity. A key driver of our success is vertical integration; we operate our own manufacturing and proprietary products, led by in-house medical teams, researchers, and pharmacists at the top of their fields.

In 2025, HeliosX treated more than 1.7 million patients globally and reached £781m in revenue, representing +337% year-on-year growth and cementing our position as the clear market leader in the UK. That growth translates into real-world outcomes: our weight-loss treatments helped patients lose 8.5 million kilograms of excess weight in 2025 alone, contributing to an estimated 1,300 fewer cardiac events. This is growth with measurable, life-changing impact at scale.

Today, we operate across four international markets, with successful launches in Germany and Canada and continued expansion in the US. We were also recently recognised in the Sunday Times Top 100 fastest-growing tech companies, further validation of both our momentum and our ambition.

Where we’re going: 2026 is a step-change year. Our ambition is to reach £1.6bn in revenue, expand from four to eight global markets and significantly broaden our condition and treatment portfolio. Over the coming years, you’ll help shape HeliosX into a truly world-leading healthcare partner; one that combines scale, speed, and clinical rigour to redefine how personalised care is delivered. Joining HeliosX now means building systems, teams, and products that will define the next decade of digital healthcare, and doing work that genuinely improves lives, at global scale.

There’s never been a more exciting time to join HeliosX. Come be a part of making our dream of easier and faster healthcare a reality!

About the role:

As the Senior Information Security Specialist, you will be the cornerstone of our Governance, Risk, and Compliance (GRC) function. This pivotal role involves leading the development, maintenance, and continuous improvement of our Information Security Management System (ISMS). You will act as the primary subject matter expert for our entire security governance framework, ensuring our policies, standards, and controls are robust, auditable, and effectively manage risk across the business.

What you’ll be doing:

• Governance, Risk & Compliance (GRC) Leadership
  • Lead the development, management, and continuous improvement of the Information Security Management System (ISMS), aligning it with relevant frameworks and standards.
  • Update and maintain the Information Security Risk Register, facilitating risk assessments, identifying treatment plans, and reporting risk posture to stakeholders.
  • Develop and oversee the internal security audit schedule, coordinating technical control testing and compliance reviews to ensure effectiveness and identify areas for improvement.
  • Act as the subject matter expert for data classification and data protection, defining policies and guiding the business on correct data handling procedures.
  • Lead the formal security response for client due diligence questionnaires (DDQs) and support the review of security clauses within commercial contracts.
• Third-Party Risk, Advisory & Business Engagement
  • Manage the end to end third party risk management (TPRM) programme, including supplier due diligence, risk assessment, and ongoing performance monitoring.
  • Act as the primary point of contact for information security queries from the business, providing expert guidance to both technical and non-technical stakeholders.
  • Translate complex technical and security risks into clear, business-focused language and recommendations.
  • Develop, manage, and deliver the security culture, awareness, and training programme across the organisation.
• Incident Management, Leadership & Capability Building
  • Define, maintain, and improve the Incident Response call tree and incident communication roles and processes.
  • Support and guide incident response activities from a governance, risk, and communications perspective, ensuring roles, responsibilities, and escalation paths are clear and effective.
  • Provide security leadership, coaching, and mentoring to junior members of the security team and guidance to wider technical and non-technical staff.
  • Act as a trusted authority on GRC matters, helping to drive a strong and sustainable security culture across the business.

Who you are:

• Demonstrable experience in two or more major information security domains, with strong focus on Governance, Risk, and Compliance (GRC).
• Proven experience designing, implementing, and operating an ISMS aligned to recognised frameworks (e.g., ISO 27001, NIST, etc.).
• Strong experience in risk management, audit, compliance, and third-party risk management.
• Experience handling client security questionnaires (DDQs) and reviewing security-related contractual requirements.
• Experience supporting or governing incident response, including escalation models, call trees, and communication structures.

Core Skills:

• Excellent written and verbal communication skills, with the ability to explain complex security topics in clear business terms.
• Strong planning, organisation, and documentation skills.
• Stakeholder management across technical and non-technical audiences.
• Risk assessment, control design, and policy/standard development.
• Coaching, mentoring, and influencing skills.
• Trusted advisor mindset with strong professional judgement.
• High attention to detail with a pragmatic, risk-based approach.
• Confident decision-maker who can balance security, business needs, and delivery.
• Collaborative, proactive, and comfortable operating with autonomy.
• Committed to continuous improvement and raising organisational security maturity.

Why work with us?

At HeliosX, we want to improve healthcare for everyone, and to do this we need a team of brilliant people who share that ambition. We are currently a diverse team of engineers, scientists, clinical researchers, physicians, pharmacists, marketing staff, and customer care specialists committed to our mission - but we need more talented folks to join us, if we want to achieve our global ambitions!

Aside from working with our all-star team, here are the other benefits of coming on board:

• Generous equity allocations with significant upside potential
• 25 Days Holiday (+ all the usual Bank Holidays)
• Private health insurance, along with extra dental and eye care cover
• Employee Pension with Smart Pension
• Enhanced parental leave
• Cycle-to-work Scheme
• Electric Car Scheme
• Free Dermatica and MedExpress products every month, as well as family discounts
• Home office allowance
• Access to a Headspace subscription, discounted gym memberships, and a learning and development budget (alongside a free Kindle and audible subscription)