Permanent

Head of Cyber and Information Security

Bournemouth
£65,000-75,000 per annum
Posted Yesterday

Overview

Job Title: Head of Cyber and Information Security

Reporting To: Chief Technology Officer

Location: Bournemouth / Hybrid Working

Salary: £65,000 - £75,000

Job Type: Full Time 37.5 hours a week

About Nourish

Nourish Care is the UK market leader in digital social care planning. Our SaaS platform empowers care providers to deliver more transparent, coordinated, and person-centred care. With thousands of care services already using our product, we are scaling fast and aiming even higher – our mission is simple: better care for all.

About the Job

We’re looking for an experienced Head of Cyber and Information Security to lead and scale Nourish’s security strategy in a fast-paced, cloud-native, multi-product SaaS environment. You’ll be responsible for safeguarding the confidentiality, integrity, and availability of customer and business data, and for embedding security into everything from DevSecOps pipelines to our commercial practices.

You’ll play a pivotal role in meeting the expectations of enterprise customers, regulators, and auditors alike, guiding the business through certifications like ISO 27001, Cyber Essentials Plus, and SOC 2, while partnering with engineering and product teams to ensure security is treated as a product feature, not a compliance tick-box.

Key Responsibilities

Strategic Leadership

  • Develop and own Nourish’s SaaS security roadmap, aligned with growth, architecture evolution, and compliance needs
  • Act as the subject matter expert on all things security, internally and externally (customers, partners, prospects, auditors)
  • Support Sales and Customer Success in security assurance and due diligence processes (e.g. RFPs, InfoSec questionnaires)
  • Own Nourish’s external security posture, including input to Trust Centre, whitepapers, and customer-facing documentation

Product and Platform Security

  • Champion secure-by-design principles across the software development lifecycle
  • Own DevSecOps processes: shift-left security, secrets management, CI/CD hardening, container security, vulnerability scanning
  • Collaborate with Product and Engineering teams on threat modelling, penetration testing, and remediation efforts
  • Select, implement, and manage key SaaS security tooling (e.g. SAST/DAST, SIEM, CSPM, endpoint protection, IAM)
  • Ensure alignment with cloud-native architecture and tooling (we primarily use AWS, GitHub Actions, and Terraform)

Compliance and Assurance

  • Lead ongoing readiness and evidence for ISO 27001, SOC 2 Type I and II, and Cyber Essentials Plus
  • Maintain and evolve the ISMS in line with business growth and operational maturity
  • Maintain the security risk register, treatment plans, and internal audit programme
  • Collaborate with Compliance and DPO on data protection alignment (e.g. DPIAs, vendor risk, breach response)

Operational Security

  • Own incident response procedures, including tabletop exercises and post-mortems
  • Oversee endpoint and cloud security tooling, logging, and alerting (in collaboration with DevOps/IT)
  • Manage business continuity and disaster recovery processes from a security perspective

Culture and Governance

  • Deliver internal training and awareness programmes across the business
  • Lead monthly security KPIs and reports into SMT and governance forums
  • Monitor emerging threats, SaaS-specific security risks, and evolving regulation to inform strategy
  • Drive a strong security culture across the business through storytelling, education, and leadership

Key Deliverables

  • Successful recertification of ISO 27001 and Cyber Essentials Plus
  • SOC 2 Type I and II: audit readiness, gap closure, and ongoing assurance
  • Up-to-date ISMS documentation and live security risk register
  • Completion of security training for >95% of staff within policy windows
  • Continuous improvement in internal vulnerability management and response SLAs
  • Measurable maturity improvements in DevSecOps and SaaS infrastructure controls
  • Demonstrated impact on commercial outcomes via faster security assurance for enterprise deals

Your Background

  • Proven experience leading security in a B2B SaaS company, ideally in healthtech, govtech, or another regulated vertical
  • Deep understanding of cloud-native architecture (AWS preferred) and SaaS security challenges (multi-tenancy, authN/Z, data segregation)
  • Hands-on familiarity with common tools across the security stack (e.g. Terraform, GitHub Actions, Datadog, Snyk, AWS Config, CrowdStrike)
  • Experience managing ISO 27001, SOC 2, or equivalent frameworks in production environments
  • Strong communicator who can balance risk with pragmatism and align security priorities with business goals
  • Experience scaling security capabilities alongside company growth and product maturity

Nourish Benefits

  • 25 Days paid leave, Plus Public holidays
  • Additional incremental leave for length of service up to 5 days.
  • Private Medical Insurance including a personal health plan
  • Group Life Assurance
  • Employee Referral Bonus Scheme
  • Enhanced Maternity leave
  • Pension Contribution
  • Employee Assistance Programme
  • Birthday Day off
  • and many more...

All positions at Nourish are subject to a satisfactory Enhanced Disclosure and Barring Service check, references and receipt of the appropriate Right to Work documents. Nourish is proud to be an equal opportunities employer and we actively seek and embrace differences in thinking, experience, ethnicity, age, gender, faith, personalities and styles. The different skills, experiences and backgrounds our employees bring to their roles creates a diverse and makes Nourish a special place to work.
