At a Glance
- Tasks: Lead our security efforts and maintain ISO 27001 certification while collaborating with teams.
- Company: Join a charitable organisation dedicated to mental health innovations.
- Benefits: Enjoy 25 days annual leave, private health insurance, and a pension scheme.
- Other info: Hybrid working model with opportunities for professional growth and development.
- Why this job: Make a real impact in information security and help protect mental health initiatives.
- Qualifications: Experience in risk management and knowledge of security standards like ISO 27001.
The predicted salary is between 65000 - 65000 £ per year.
Reporting To: Director of IT & Security
Location: Hybrid working, with a mix of home and minimum 1 day per week in West London office
Salary: Up to £65,000 per annum. We aim to be transparent about remuneration at MHI. As a charitable organisation, salaries for this role are predetermined and not negotiable. Please consider the advertised salary before applying.
Hours of Work: 40 hours per week, inclusive of a daily 1 hour paid lunch
Contract: Permanent
Benefits:
- 25 days annual leave per year, plus public holidays
- Company electronic devices
- Enhanced salary sacrifice pension scheme
- Private health insurance after completion of probation
- Eligibility for a Blue Light discount card
Closing Date: 24th July 2026 at 5pm. We reserve the right to close the job advert early if we receive a high number of applicants.
Job Summary: To operate our information security management system, and maintain Mental Health Innovations’ ISO 27001 certification.
Key Responsibilities:
- Building and maintaining excellent relationships with team leads across the organisation to raise awareness of security and work through issues
- Deputising for the Director in security matters as required
- Operation of the ISMS and Data Protection processes
- Managing risk register, preparing for management review meetings
- Developing/maintaining controls and ensuring they are implemented across the organisation
- Refining our security KPIs and maintaining them
- Proposing actions from KPIs, events and incidents and coordinating resultant work
- Working with the Director to track threats and vulnerabilities, evaluate risk levels and progress treatment plans
- Ensuring secure endpoint and cloud posture
- Working with the team to plan consultancy days; e.g. work items requiring deep knowledge of a specific security domain or a technical specialist
- Monitoring our processes and suggesting improvements
- Proposing and progressing other continuous improvement work
- Feeding into training and awareness programmes and improving security culture
- Preparing for audits and carrying out remediation work
- Working with the Director to create, maintain and manage policies and ensure compliance
- Planning and participating in incident response exercises
- Managing major incidents and conducting post mortems/reviews
Person Specification:
Essential Criteria:
- The ability to learn new skills and technologies quickly
- Experience of risk management
- Working knowledge of security standards and frameworks, particularly ISO 27001
- Knowledge (and preferably experience) of GDPR and DPA 2018
- Experience of incident management
- Excellent knowledge of high level security concepts and best practice
- Excellent documentation skills, including policies and standards
- Knowledge of the following areas (deeper experience of one or more preferred):
- Endpoint security
- Network security
- Cloud security
- Application security
- Identity and access management
- Secure distributed working practices
- Excellent written and verbal communicator
- Ability and desire to learn new tools, skills and consider other perspectives
- Growth mindset. Comfortable performing a wide range of activities, including stretching to new skill/experience areas
- Ability to manage own time, confirm priorities and expectations
- Independent worker who knows when to ask questions
- Comfortable working with the wider team and organisation
- Comfortable dealing with ambiguous situations and objectives
Desirable Criteria:
- Professional qualifications, such as CompTIA+, CISSP, CCSP, ISO 27001 Auditor
- Exposure to ITIL (ITIL Foundation or higher preferred)
- Experience in one or more of the following:
- Cloud (AWS preferred)
- Salesforce
- SSO & federated identities
- Network security, SASE & VPNs
- Endpoint security
- Infrastructure security and best practices
- Working knowledge of encryption technologies
- Password management and access control
- Security training and awareness
- Securing domains
- Detection and response, with excellent troubleshooting skills
- Working knowledge of one or more of these tools/products:
- Salesforce
- JIRA & Confluence
- Mac/iOS & Chrome OS
- Windows/Office365
- Google Workspace
- Creative thinker, but understands the importance of seeing a piece of work through to the end and on time
- Decisive, proactive, knows when to check the boundaries
This role is subject to eligibility to work in the UK, plus satisfactory background and reference checks.
We understand that AI is increasingly part of everyday life, and you might choose to use it when putting together your application. While AI can be a helpful tool, we ask that anything you submit reflects your own skills, experiences, and perspective. We value authenticity and integrity, and we want to see what you uniquely bring to our team and why our mission resonates with you personally.
Security Lead in London employer: Mental Health Innovations
At Mental Health Innovations, we pride ourselves on being an exceptional employer that values transparency, employee well-being, and professional growth. Our hybrid working model allows for flexibility while fostering a collaborative work culture in our West London office, where you can engage with passionate colleagues dedicated to making a difference in mental health. With generous benefits including 25 days of annual leave, private health insurance, and a commitment to continuous improvement, we empower our employees to thrive both personally and professionally.
StudySmarter Expert Advice🤫
We think this is how you could land Security Lead in London
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Mental Health Innovations, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Mental Health Innovations
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Mental Health Innovations. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Security Lead in London
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Mental Health Innovations insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Mental Health Innovations that you’re committed to staying ahead in the game.
How to prepare for a job interview at Mental Health Innovations
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Mental Health Innovations to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Mental Health Innovations.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.