Information Security and Data Privacy Manager

This role represents an opportunity for a driven and growth-oriented individual to lead the enhancement and implementation of information security, data processing and data privacy policies and standards across the business. You will report to the Engineered Compliance Lead and DPO, who is responsible for planning and managing Oxehealth’s compliance with all international regulations and standards, meeting market procurement standards and guidance, and ensuring the personal data protection and clinical safety of the patients that our customers care for.

Job description

You will be responsible for:

● Supervising execution and monitoring of the Information Security and Privacy Information Management System (ISMS/PIMS)

● Running the Monthly and Quarterly security reviews in support of the CTO (Chair), and the Quarterly Data Review in support of the COO and DPO

● Tracking high priority actions, leading cross-functional security and data privacy projects

● Managing security risk and vulnerability analysis, and monitoring and executing risk treatment plans

● Running internal and external data privacy and security audits (e.g. ISO 27001 and ISO 27701), supporting compliance with regulations (e.g. GDPR, HIPAA, NIS) and market procurement standards (e.g. DSPT, HSSF, DTAC), and other regimes as they become relevant

● Supporting the DPO in monitoring and managing the company’s data protection stance

● Working with the Regulatory lead to improve the ISMS and PIMS

● Maintaining robust supporting documentation and policies, and ensuring that they are embedded within the wider business

● Acting as an in-house expert on international data privacy and security regulations (e.g. Europe, UK, USA, other territories)

● Overseeing and delivering data privacy and information security training to all staff

The ideal candidate will have a passion for monitoring and interpreting regulation, and for systematically ensuring compliance with that regulation, by helping to ensure that data protection and information security are always “built in”.

The successful candidate is likely to have:

● Experience of having managed an Information Security Management System (ISMS) and maintaining ISO 27001 certification in a multi-site operation.

● Solid understanding of IT and experience in contributing to IT governance, controls and best practice processes.

● Experience in undertaking a range of internal and third-party audits covering information security, data protection, and IT governance and controls.

● Experience in developing physical security best practice processes and controls.

● Good understanding of the Data Protection Act and EU GDPR.

● Very good understanding of the principles of risk assessment and risk treatment, including operational risk as well as compliance monitoring and reporting.

Desirable but not essential:

● Industry experience within the healthcare sector


  • June 24, 2021
  • Data & Privacy
  • United Kingdom
  • £50-65k

Why you'll like working at Oxehealth


Remote work

A third of us frequently work remotely and hot desk.

Paid holiday

25 days' holiday, 8 bank holidays.

Competitive salary

We pride ourselves on rewarding great work with great compensation.

Team events

Quarterly developmental offsites


Parental and family leave, group personal pension plan & life assurance.

Development allowance

Personal skills development budget

Interested in this role?

If this job interests you and you’re a talented individual that’s passionate about our dream and building Oxevision with us, we'd love to hear from you!

Fill out the form and be sure to let us know why you think you're a good fit for the position.
