Information Security Officer

**About us***:
As featured in the likes of The Telegraph, Independent and Forbes, Patchwork is an award-winning digital healthcare solution that was built by doctors, for doctors.

We are a rapidly growing team of 100+ people revolutionising flexible working in the NHS and are helping NHS organisations save millions (and counting), by connecting them to an increasing number of flexible bank workers. We help grow their staff banks, remove reliance and spending on locum agencies, and aim to improve the general experience of flexible bank working.

We have always taken pride in having a hybrid working model even before the pandemic. Despite not being a fully remote employer, we are a flexible employer and encourage all of our employees to come into the office twice a week.

**The Role**:
We’re looking for an Information Security Manager to join our growing team at Patchwork.

The role is an unique opportunity to build and shape the information security function within a rapidly scaling health tech business. As the Information Security Manager for Patchwork, you will play a key role in overseeing, managing and maintaining our Information Security Management System (ISMS) and Security Certifications (ISO 27001 and Cyber Essentials). You will also be supporting the organisation's infosec programmes and projects and design new policies as we continue to scale.

This would initially be a solo position in which you would be the in-house infosec expert. This is essentially a leadership role within a technical specialism and whoever we hire will be entrusted with the future of information security at Patchwork in terms of both systems and people.

**Key Responsibilities**:

- Lead and manage on security events and incidents that occur within the business
- Work alongside the IT manager to ensure ongoing maintenance, development and future implementation of key IT security controls
- Stay current on security trends and standards, including research of potential security enhancements and making strategic recommendations.
- Work closely with Platform Teams and Cloud Engineering Teams to ensure projects/initiatives are secure upon delivery.
- Maintain information security processes and documentation in line with ISO 27001
- Organise and support internal and external audits, vulnerability management processes, pen testing and business continuity/disaster recovery planning
- Contribute towards the annual budget and forecasting process for Infosec related items
- Working across the business to ensure that compliance with implemented standards and controls is maintained to acceptable levels
- Act as Single Point of Contact for all customer Security Questionnaires and contractual addendums. Coordinate the completion of the customer questionnaires with the appropriate teams and be responsible for ensuring all remediation plans are implemented to the agreed specifications and timelines with the customers.
- Define and deliver regular staff awareness training on relevant information and cyber security topics.

**Ideal Profile**:

- Experience in managing information security as the sole IS lead in the business
- Experience with InfoSec standards such as ISO 27001
- Experience developing, maintaining and implementing an ISMS

**Benefits**
***:

- Support remote/flexible working environments
- Dog friendly office
- Cycle and Tech loan scheme
- EMI Shares Options
- Access to Perkbox
- Parental Support through Poncho
- Salary advances with our financial wellbeing partner, Wagestream
- Free therapy, counselling and other wellbeing services through our Employee Assistance Programme: Health Assured
- Trained Mental Health First Aiders in the business
- Weekly Lunch & Learn
- Monthly Culture Club: Diversity talks, cooking workshops, book clubs
- Assigned Learning & Development budget per employee

**Logistics***:

- Patchwork provides equal employment opportunities (EEO) to all employees and applicants. All employment decisions (including recruitment, hiring, promotion, compensation, transfer, training, discipline and termination) are based on the applicant’s or employee’s qualifications as they relate to the requirements of the position under consideration. These decisions are made without regard to age, sex, sexual orientation, gender identity, genetic characteristics, race, colour, creed, religion, ethnicity, national origin, alienage, citizenship, disability, marital status, military status, pregnancy, or any other legally-recognised protected basis prohibited by applicable law._