Cyber and Information Security Specialist at Mayden
Bath BA2 3LR, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

07 Nov, 25

Salary

75000.0

Posted On

08 Aug, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Parking, Health Insurance, Probation, Pension

Industry

Information Technology/IT

Description

ABOUT US

Mayden is a growing software company, awarded the 2024 EntreConf Employer and Health and Wellbeing awards and previously Development Team of the Year at the UK IT industry awards. We love that the work we do makes a difference, transforming health and care, together for everyone involved.

Responsibilities

ABOUT THE ROLE

We are looking to appoint a highly experienced cyber and information security specialist to join our growing business.
Mayden has a flat management structure and a coaching culture, with team members working together and supporting one another to make things happen. This means that job titles can look a little different, but also means our roles focus on people being able to combine what they are good at, and how they want to grow, with helping fulfil our purpose to transform health and care, together.
We are looking for a conscientious, personable and knowledgeable leader, preferably with commercial experience of working with the public sector. You may already be operating at CISO level in a small company, or have ambitions to reach the next level in your career.
Mayden’s flagship patient management system, iaptus, is used by more than 200 mental health services in the UK, Australia and Canada. Theseus, our case management system for addiction and healthy lifestyle services, supports over 40 customers. We also provide systems for private practitioners and both patient- and clinician-facing features that are widely used across over 8 million patient records and counting.
We are passionate about delivering impactful healthcare software and we are proud to hold ourselves to the highest standards in regard to compliance and regulation. You will play a key role in ensuring that the delivery of our products and services meets those standards and will also work to respond proactively to new and evolving expectations.
We use the Scrum framework to drive product delivery, quality and success, so an appreciation of agile working is beneficial.

KEY RESPONSIBILITIES:

  • Develop and implement our security strategy: Design, implement and maintain a comprehensive security strategy, roadmap, and policies to support business objectives, future growth ambitions and product lines.
  • Compliance: Ensure the company’s security posture meets the requirements of the NHS Data Security and Protection Toolkit (DSPT), Cyber Essentials Plus, ISO27001:2022 and other relevant frameworks.
  • Risk management: Lead the information security risk management program, including identification, assessment, mitigation, and monitoring of information security risks across all systems, applications, and operations.
  • Policy and procedure development: Support and oversee the creation, review, and enforcement of information security policies, standards, procedures, and guidelines covering all aspects of security including data handling, access control, incident response, and supplier risk.
  • Security architecture and engineering: Support and oversee the secure design, implementation, and maintenance of secure software development lifecycles (SDLC) and secure system architectures for all products and business systems.
  • Incident response and management: Develop, implement, and manage the information security incident response plan, including detection, analysis, containment, eradication, recovery, and post-incident review, supporting timely reporting to relevant authorities (e.g. ICO, NHS England) where required.
  • Vulnerability management and testing: Own, support and oversee programs for vulnerability scanning, penetration testing, and security audits of applications and infrastructure to identify and address security weaknesses.
  • Security awareness and training: Support and oversee development and delivery of comprehensive information security awareness and training programs for all employees, ensuring Mayden’s culture strongly embeds security at its core.
  • Supplier security assurance: Implement and manage a robust supplier security risk assurance framework, assessing and monitoring the security posture of suppliers, partners, and subcontractors who handle company or patient data.
  • Regulatory compliance and audit: Support the Data Protection Officer in ongoing compliance with all applicable UK and EU data protection laws (e.g. GDPR, Data Protection Act 2018), industry standards, and regulatory requirements.
  • Security monitoring operations: Support and oversee the day-to-day security monitoring operations, including log analysis, threat intelligence, and SIEM management.
  • Leadership and mentoring: Provide strong leadership to the governance, risk and compliance team and mentor the professional growth and development of security staff.
  • Threat intelligence: Stay up to date with the latest cyber security threats, vulnerabilities, technologies, and best practices relevant to the health sector and the wider technology landscape.