Information Security Manager - Medical Technology Development

Hypervision Surgical is a spin‑out from King’s College London, founded by clinicians and experts in medical imaging and artificial intelligence. Using safe light alone, our mission is to equip surgeons with real‑time, AI‑driven tissue intelligence to improve precision and patient safety. We are pioneering the world’s first regulatory‑cleared real‑time intraoperative spectral imaging platform, combining on‑chip spectral sensing with high‑speed AI analytics at over 60 frames per second. Seamlessly integrating into existing surgical vision systems, our technology transforms standard cameras into intelligent, data‑rich tools, revealing anatomical, physiological, and pathological information beyond human vision. Certified for both open and minimally invasive surgery, our platform achieved UKCA certification and FDA clearance in 2025 under a newly established AI/ML product code, and was admitted into the FDA’s Safer Technology Program. With multi‑centre clinical evaluations underway and strategic partnerships with world‑leading technology and surgical manufacturers, including imec and ZEISS Ventures, Hypervision is shaping the future of data‑driven surgery.

Hypervision Surgical processes all personal data in accordance with the UK GDPR and Data Protection Act 2018. For further information on how we collect, use and protect your data, please refer to our Applicant Privacy Notice.

The Role

Reporting to the Chief Operating Officer, the Information Security Manager is responsible for owning and implementing Hypervision Surgical’s information security programme and IT risk management approach. The post‑holder will provide subject‑matter expertise and manage the Information Security Management System (ISMS) to ensure the confidentiality, integrity, and availability of information assets across the Company. The role ensures that security governance, controls, and risk management activities align with business objectives, regulatory requirements, and Hypervision’s risk appetite, while providing confidence to all stakeholders. As a trusted advisor and hands‑on practitioner, you will be responsible for the identification, evaluation and communication of information security risks across the organisation. You will work closely with internal teams and externally with suppliers, customers, and regulatory bodies, ensuring our regulated medical device development activities maintain the highest standards of information security. In a fast‑paced start‑up environment, you will be comfortable operating with a high degree of autonomy — building security capability from the ground up, translating regulatory requirements into practical controls, and supporting the organisation as we bring pioneering spectral imaging technologies to market as cleared medical devices.

Key Responsibilities

• Own and implement Hypervision Surgical’s information security programme and cyber risk approach, aligned to business objectives, regulatory requirements, and risk appetite.
• Manage and continuously improve the Information Security Management System (ISMS), supporting ongoing ISO 27001 certification and effectiveness.
• Establish and maintain a practical and proportionate approach to information security governance, risk management, and assurance.
• Develop and maintain information security policies, standards, and frameworks, ensuring they are fit for purpose and embedded across the business.
• Manage Hypervision’s approach to third‑party and supplier security risk management.

Compliance & Regulatory Alignment

• Ensure compliance with applicable laws, regulations, and standards — including GDPR, ISO 27001, ISO 13485, and IEC 62304 — and act as a key internal contact for regulatory and supervisory matters where required.
• Support the alignment of information security practices with medical device regulatory requirements, contributing to the Quality Management System (QMS) as needed.
• Follow good information‑governance practice throughout this role and ensure compliance with Hypervision’s information security and data protection policies in all applicable tasks.

Incident Management & Risk

• Own cyber incident response and resilience activities, including preparedness, escalation, response, and post‑incident review.
• Translate complex security and technology risks into clear, meaningful insights for non‑technical stakeholders, supporting informed decision‑making.
• Monitor emerging threats, technologies, and regulatory changes, proactively assessing their impact on Hypervision’s risk profile.

Stakeholder Engagement & Security Culture

• Act as the primary point of contact on information security, cyber risk, and data protection matters across the Company, providing clear guidance to the leadership team as required.
• Represent Hypervision Surgical externally on information security matters, supporting customer assurance, audits, due diligence, and commercial engagements.
• Champion security awareness and accountability at all levels of the business, ensuring employees are empowered to make sound security decisions.
• Be prepared to step into a wide range of responsibilities typical of a small, high‑impact start‑up — this list of duties is not exhaustive, and the post‑holder may be asked to carry out other duties through discussion with their line manager.

At Hypervision Surgical, we welcome candidates who have the core skills for the role and are keen to learn and grow with us. We are committed to creating an inclusive environment where a diverse mix of talented people come together and enjoy working with one another. By working together, we will change the way surgery is performed and improve patient care.

About You

You are a hands‑on information security practitioner who is comfortable operating with autonomy, enjoys building security programmes in resource‑efficient environments, and takes pride in enabling others. You bring:

• Solid experience in information security, cyber security, or technology risk management in a technical or operational capacity.
• A relevant Computer Science, Engineering, or IT‑related degree, or equivalent practical experience.
• IRCA certification, or hands‑on experience supporting or overseeing information security audits.
• Strong understanding of data protection legislation (including GDPR) and its practical application within a regulated environment.
• Proven experience owning and implementing information security or cyber risk programmes, ideally within a regulated or compliance‑driven organisation.
• Strong knowledge of information security frameworks and standards — particularly ISO 27001 — and experience operating an ISMS.
• Ability to engage, influence, and advise senior stakeholders on security matters in a clear and accessible way.
• Experience managing stakeholder relationships with regulators, customers, and auditors.
• Excellent communication skills, with the ability to articulate security topics to both technical and non‑technical audiences.
• A calm, pragmatic, solutions‑oriented mindset — balancing security rigour with operational practicality in a fast‑paced environment.
• A collaborative, empathetic approach that contributes to an inclusive and supportive team culture.

Desirable:

• Knowledge of data protection regulation in other geographical regions, e.g. HIPAA (US).
• Data protection qualification, such as CIPP or BCS Certificate in Data Protection.
• Experience with HIPAA, HITRUST, SOC 2, or NIST CSF frameworks.
• Familiarity with medical device regulatory requirements, including ISO 13485 and IEC 62304.
• Experience in a venture capital‑backed start‑up or scale‑up environment.

Bonus points if you bring a special talent, interest, language, or unique life experience to the team.

What We Offer

• The opportunity to make a direct contribution to patient care and deliver real‑world surgical impact.
• Access to state‑of‑the‑art surgical development facilities at St Thomas’ MedTech Hub, including hospitals, operating rooms, labs, and computational resources, with offices located at the London Institute for Healthcare Engineering.
• Competitive salary.
• Equity participation via share option scheme.
• 25 days of annual leave plus bank holidays.
• Hybrid working arrangements, tailored with your manager to suit the needs of the role.
• Employee Assistance Programme for wellbeing, legal, and financial support.
• Cycle to Work Scheme and Workplace Nursery Benefits.
• £150 annual tech stipend for productivity and office essentials.
• Complimentary office snacks and drinks.
• Monthly team socials in an inclusive, collaborative culture.