Induction Healthcare Group Ltd

Job Title: Information Security Specialist (Appsec/Cloudsec)

Business Area: Product & Technology

Reporting to: Head of Information Security

Location: UK (Remote with occasional travel)




As an Information Security Officer/Specialist, you will support the delivery of the Information Security vision, strategy and roadmap, whilst also contributing to the definition of the security programme. You will be a key member of a small team of security professionals, delivering global Information Security services to Induction Healthcare and its growing portfolio of SaaS products (web, mobile and native apps). You will engage with individuals at various levels within the Group, across multiple time zones, and work collaboratively with your peers, internal teams and external 3rd parties to ensure that security risk is managed to acceptable levels.



– Becoming a trusted infosec advisor, providing internal consultancy and support to your peers and the wider Induction team.

– Working with your peers and the business to maintain an up-to-date view of Induction Healthcare’s information assets and associated criticality that feeds into information security risk management

– Managing information security incidents, associated remedial actions, and carrying out root cause analysis in collaboration with peers and the business

– Working with Information Governance and other internal teams to ensure Induction’s continued annual submission of NHS Data Security & Protection toolkits, ongoing maintenance of Cyber Essentials Plus, and other compliance requirements and security standards including, but not limited to, ISO 27001 and SOC2

– Working with our Product & Delivery, Development and Cloud teams to reduce the risk of vulnerable code in our products and cloud infrastructure vulnerabilities

– Representing the Infosec team by supporting the wider company on key projects, business change and BAU tasks

– Working with the Enterprise IT team to implement, develop, and audit the effectiveness of end user device security controls

– Supporting the business to develop and maintain the Information Security Management System (ISMS) to industry standard and certification where required

– Working with 3rd parties and internal teams where appropriate to scope, plan and manage regular security exercises, including penetration tests for Induction’s product suite

– Producing and/or maintaining high quality information security documentation including policy, process and procedures

– Developing and delivering infosec awareness and behavioural change engagement and training across the group

– Deputising for the Head of Information Security when required.


Infosec Experience:

– Demonstrable experience in Information Security of 4-5 years or more

– Knowledge of cloud security controls and architecture (in particular, AWS)

– Experience of working with engineering and cloud teams to develop secure SaaS products and embedding security testing in the SDLC

– Experience of working with and applying security standards and frameworks, such as ISO 27001, Cyber Essentials Plus, OWASP SAMM, CSA CAIQ, NIST CSF or CIS Controls

– Knowledge and understanding of a broad range of current and emerging technologies and associated threats

– Experience of managing and completing internal & external security assurance (security questionnaires)

– Experience of successfully dealing with and managing external infosec auditors

– Experience of completing information security risk assessments, including asset and threat analysis

– Carrying out information security gap analysis using industry standards & frameworks

– Experience of delivering training to colleagues either face-to-face, remotely or through the use of a learning management system/solution

– Experience of implementing and/or transitioning an ISO 27001 certified ISMS within an acquisitional environment.


Personal Attributes:

– Excellent time management skills to self-manage and successfully see through multiple tasks or projects within agreed timescales

– Confidence to communicate with people at all levels, both technical and non-technical, remotely or in person

– An enthusiastic self-starter who is driven to succeed as part of a high-performing team

– A willingness & keenness to self-develop and learn about the wider information security domains

– Prepared and determined to work flexibly across time-zones within a global organisation

– The understanding and ability to embrace and encourage change and transformation

– Good team player, no politics

– Certifications are not required, but if combined with demonstrable experience, may be beneficial.



About Induction Healthcare Group plc 


Induction (AIM: INHC) is a leading virtual care platform driving digital transformation of healthcare systems worldwide. Induction solutions enhance the investments hospitals have made and lay the foundation for their future. Our products can enable information sharing between busy doctors, alleviate operational burdens on hospitals or put patients in better control of their care, all while ensuring the highest standards of clinical safety and information security. We unchain staff and patients from the limitations of paper-based and desktop systems, creating substantial time and cost efficiencies. 


Our team of doctors, developers and healthcare technology experts is focused on a common goal: to help streamline the delivery of care for all healthcare professionals with simple and effective innovation. We’re fortunate to have attracted some amazing talent from within the NHS (for example, our Chief Medical Officer, Professor Martin Severs, joined us from NHS Digital), balanced with a huge breadth of talent from within the private sector. Our team is led by our joint CEOs, Dr Hugo Stephenson and James Balmain, who have both gained many years of experience within the healthcare technology setting and digital transformation. Hugo has founded several healthcare and biotech services businesses, including DrugDev (acquired by IQVIA), MediGuard (owned by IQVIA), Health Research Solutions (acquired by Quintiles, now IQVIA), and MedSeed (acquired by eHealthcare Asia). James has a wealth of NHS-facing commercial experience, having co-founded Zesty Limited in 2012 and built it into a multi-award-winning UK digital health company. Prior to Zesty, James was Ecommerce Director at EE, and Head of Ecommerce at the Shop Direct Group.

We believe that the collective experience within our team speaks volumes about how our brand, products and services are perceived both within and beyond the NHS; but most importantly, it empowers us with invaluable sector-specific insight and knowledge which informs and steers every aspect of what we do, from our sales and marketing approach to our technical development and our implementation strategies. Our broad base of talent empowers us to build products that work for the people using them.


More than 225,000 hospital doctors across multiple territories, including the UK, Ireland, Australia and South Africa, as well as a rapidly growing number of more than 280,000 UK patients, choose Induction solutions. 


Induction Switch is the number one healthcare collaboration app in the UK, used by the majority of hospital doctors within the NHS. The app helps to increase productivity and enhance communication by securely sharing phone numbers and bleeps, bookmarks, documents and messages in a clinical setting.  


Induction Guidance provides medical organisations, including most hospital trusts within the NHS, with the ability to collaboratively create, edit, and publish their own local medical guidelines in a secure and locally administrated environment. This increases knowledge of, and adherence to, guidance. 


Induction Zesty is a market-leading digital platform for patients visiting hospitals. The platform allows patients to book and access their appointments, read their clinical letters, store a copy of their clinical record and provide data to their care teams remotely. It is not just a compelling patient experience, but also delivers significant cost benefits to hospitals.  


Induction HealthStream is a proprietary data integration platform that reads and writes patient demographic, appointment and clinical record data between a growing number of hospital EHR systems and the Induction platforms. This connectivity between stakeholders and legacy IT systems adds substantial value to pre-existing health IT investment and allows large-scale adoption of Induction app-based services. 


Induction Attend Anywhere – Attend Anywhere, the UK market leader in secondary care video consultations, helps hospitals, health systems and other customers offer video consultations to patients and service users as a normal part of day-to-day operations, making it simple, safe and secure to say “yes, you can attend your appointment via video”. Since 1998, Attend Anywhere has collaborated with clinicians and patients, medical colleges, universities, healthcare providers, governments, NGAs, and others to bring the benefits of mainstream video call access to health and care systems, with some Attend Anywhere programs now entering their 21st year.


Our vision is for video consultations to improve lives and help address social, access, equity and sustainability challenges by allowing healthcare providers to determine how and when they see a patient based on each individual case; in-person, via video or on the telephone. With the addition of Attend Anywhere, our promise of flexible care is truly in motion.   


To apply for this job email your details to