Information Security Manager

About Cera:

Cera is the UK’s largest HealthTech company and one of Europe’s fastest-growing businesses – harnessing preventative technology and AI to take care out of Britain’s hospitals and into patients’ homes. We deliver care, nursing, telehealth and repeat prescription services in people’s homes via technology.

Cera’s proprietary, AI-backed tools predict more than 80% of hospitalisations and 83% of falls in advance, mobilising its frontline workforce of almost 10,000 carers and nurses to deliver timely preventative care in the community.

Cera delivers 2 million home healthcare visits a month. At each visit, Cera uses its pioneering technology to collect data on how our population is ageing, building one of the world’s largest tech-powered home healthcare datasets.

About the role:

We are seeking a passionate and experienced Information Security Manager to lead our journey towards ISO27001 certification and ensure its successful ongoing management. You will also provide expertise across a range of security and compliance frameworks including NHS Assured, Cyber Essentials, and the Data Security and Protection Toolkit (DSPT), with flexibility to support others as required.

This is a critical role in our organisation’s digital and compliance strategy, requiring someone with deep subject matter expertise, exceptional stakeholder engagement skills, and a proven track record of building strong security cultures.

Responsibilities:

• Lead ISO27001 implementation across the business, including gap analysis, risk assessments, control selection, internal audits, documentation, and training.
• Maintain and manage the ISO27001 Information Security Management System (ISMS) post-certification, ensuring continuous improvement and compliance.
• Coordinate and support other security and data protection certifications and frameworks including: NHS Assured, Cyber Essentials, Data Security and Protection Toolkit (DSPT) and any other applicable standards or regulatory requirements
• Collaborate with cross-functional teams to embed a culture of security, ensuring policies and controls are understood, accepted, and implemented.
• Act as the subject matter expert on all things information security, advising on best practices and providing clear, business-focused guidance.
• Support internal and external audits, manage remediation plans, and drive corrective actions to completion.
• Monitor evolving security threats and regulatory changes to ensure the organisation’s security posture remains strong and aligned with industry standards.
• Security related policy creation and review ensuring we have the right policies in place which are kept up to date and current.
• Management of Security Risks ensuring all risks are managed and have a risk mitigation plan in place.

Qualifications and Skills:

• Proven experience successfully leading organisations through ISO27001 certification and ongoing ISMS management.
• Somebody that recognises that great security is about finding smart, secure ways to say “yes” to enable the business rather than just saying “no”.
• enabling the business; finding secure, practical solutions that support speed and growth, rather than slowing things down with unnecessary blockers.
• Strong working knowledge of UK healthcare data standards, including DSPT and NHS digital assurance frameworks.
• Experience with Cyber Essentials / Cyber Essentials Plus certification processes.
• A strategic thinker with strong operational and hands-on skills.
• Outstanding interpersonal and influencing abilities, capable of building trust, challenging positively, and engaging stakeholders at all levels.
• Strong understanding of risk management, security controls, and compliance requirements within a technology-enabled environment.
• Desirable but not essential: relevant qualifications or certifications (e.g., ISO27001 Lead Implementer/Auditor, CISSP, CISM).

General Company Responsibilities:

• Equality, Diversity and Inclusion (EDI): Employees are expected to promote and uphold the organisation’s commitment to equality, diversity, and inclusion by fostering a respectful and inclusive working environment.
• Health and Safety: Employees must ensure compliance with health and safety regulations and organisational policies, and take responsibility for their personal safety and the safety of others.
• Training and Development: Employees must engage in all relevant Company mandatory training, workshops, and learning opportunities.

Policies and Procedures: Employees must adhere to all organisational policies and procedures.