Security Lead

  • Jobtailor
  • 11/07/2026
Full time Information Technology Telecommunications

Job Description

Responsibilities
  • To operate our information security management system, and maintain Mental Health Innovations' ISO 27001 certification.
  • Building and maintaining excellent relationships with team leads across the organisation to raise awareness of security and work through issues
  • Deputising for the Director in security matters as required
  • Operation of the ISMS and Data Protection processes
  • Managing risk register, preparing for management review meetings
  • Developing/maintaining controls and ensuring they are implemented across the organisation
  • Refining our security KPIs and maintaining them
  • Proposing actions from KPIs, events and incidents and coordinating resultant work
  • Working with the Director to track threats and vulnerabilities, evaluate risk levels and progress treatment plans
  • Ensuring secure endpoint and cloud posture
  • Working with the team to plan consultancy days; e.g. work items requiring deep knowledge of a specific security domain or a technical specialist
  • Monitoring our processes and suggesting improvements
  • Proposing and progressing other continuous improvement work
  • Feeding into training and awareness programmes and improving security culture
  • Preparing for audits and carrying out remediation work
  • Working with the Director to create, maintain and manage policies and ensure compliance
  • Planning and participating in incident response exercises
  • Managing major incidents and conducting post mortems/reviews
Requirements
  • The ability to learn new skills and technologies quickly
  • Experience of risk management
  • Working knowledge of security standards and frameworks, particularly ISO 27001
  • Knowledge (and preferably experience) of GDPR and DPA 2018
  • Experience of incident management
  • Excellent knowledge of high level security concepts and best practice
  • Excellent documentation skills, including policies and standards
  • Knowledge of the following areas (deeper experience of one or more preferred): Endpoint security, Network security, Cloud security, Application security, Identity and access management, Secure distributed working practices
  • Excellent written and verbal communicator
  • Ability and desire to learn new tools, skills and consider other perspectives
  • Growth mindset. Comfortable performing a wide range of activities, including stretching to new skill/experience areas
  • Ability to manage own time, confirm priorities and expectations
  • Independent worker who knows when to ask questions
  • Comfortable working with the wider team and organisation
  • Comfortable dealing with ambiguous situations and objectives