Head of Information Security

Job Title: Head of Information Security

Reporting To: Chief Technology Officer

Location: Bournemouth / Hybrid Working

Salary: Competitive

Job Type: Full Time 37.5 hours a week

Our Purpose

Nourish Care is the UK market leader in digital social care planning. Our SaaS platform empowers care providers to deliver more transparent, coordinated, and person-centred care. With thousands of care services already using our product, we are scaling fast and aiming even higher – our mission is simple: better care for all.

About the Job

We’re looking for an experienced Head of Information Security to lead and scale Nourish’s security strategy in a fast-paced, cloud-native, multi-product SaaS environment. You’ll be responsible for safeguarding the confidentiality, integrity, and availability of customer and business data, and for embedding security into everything from DevSecOps pipelines to our commercial practices.

You’ll play a pivotal role in meeting the expectations of enterprise customers, regulators, and auditors alike — guiding the business through certifications like ISO 27001, Cyber Essentials Plus, and SOC 2, while partnering with engineering and product teams to ensure security is treated as a product feature, not a compliance tick-box.

Key Responsibilities

Strategic Leadership

• Develop and own Nourish's SaaS security roadmap, aligned with growth, architecture evolution, and compliance needs
• Act as the subject matter expert on all things security, internally and externally (customers, partners, prospects, auditors)
• Support Sales and Customer Success in security assurance and due diligence processes (e.g. RFPs, InfoSec questionnaires)
• Own Nourish’s external security posture, including input to Trust Centre, whitepapers, and customer-facing documentation

• Champion secure-by-design principles across the software development lifecycle
• Own DevSecOps processes: shift-left security, secrets management, CI/CD hardening, container security, vulnerability scanning
• Collaborate with Product and Engineering teams on threat modelling, penetration testing, and remediation efforts
• Select, implement, and manage key SaaS security tooling (e.g. SAST/DAST, SIEM, CSPM, endpoint protection, IAM)
• Ensure alignment with cloud-native architecture and tooling (we primarily use AWS, GitHub Actions, and Terraform)

Compliance & Assurance

• Lead ongoing readiness and evidence for ISO 27001, SOC 2 Type I & II, and Cyber Essentials Plus
• Maintain and evolve the ISMS in line with business growth and operational maturity
• Maintain the security risk register, treatment plans, and internal audit programme
• Collaborate with Compliance and DPO on data protection alignment (e.g. DPIAs, vendor risk, breach response)

Operational Security

• Own incident response procedures, including tabletop exercises and post-mortems
• Oversee endpoint and cloud security tooling, logging, and alerting (in collaboration with DevOps/IT)
• Manage business continuity and disaster recovery processes from a security perspective

Culture & Governance

• Deliver internal training and awareness programmes across the business
• Lead monthly security KPIs and reports into SMT and governance forums
• Monitor emerging threats, SaaS-specific security risks, and evolving regulation to inform strategy
• Drive a strong security culture across the business through storytelling, education, and leadership

Key Deliverables

• Successful recertification of ISO 27001 and Cyber Essentials Plus
• SOC 2 Type I and II: audit readiness, gap closure, and ongoing assurance
• Up-to-date ISMS documentation and live security risk register
• Completion of security training for >95% of staff within policy windows
• Continuous improvement in internal vulnerability management and response SLAs
• Measurable maturity improvements in DevSecOps and SaaS infrastructure controls
• Demonstrated impact on commercial outcomes via faster security assurance for enterprise deals

Your Background

• Proven experience leading security in a B2B SaaS company, ideally in healthtech, govtech, or another regulated vertical
• Deep understanding of cloud-native architecture (AWS preferred) and SaaS security challenges (multi-tenancy, authN/Z, data segregation)
• Hands-on familiarity with common tools across the security stack (e.g. Terraform, GitHub Actions, Datadog, Snyk, AWS Config, CrowdStrike)
• Experience managing ISO 27001, SOC 2, or equivalent frameworks in production environments
• Strong communicator who can balance risk with pragmatism and align security priorities with business goals
• Experience scaling security capabilities alongside company growth and product maturity

Nourish Benefits:

• 25 Days paid leave, Plus Public holidays
• Additional incremental leave for length of service up to 5 days.
• Private Medical Insurance including a personal health plan
• Group Life Assurance
• Employee Referral Bonus Scheme
• Enhanced Maternity leave
• Pension Contribution
• Employee Assistance Programme
• Birthday Day off
• and many more.....

All positions at Nourish are subject to a satisfactory Enhanced Disclosure and Barring Service check, references and receipt of the appropriate Right to Work documents. Nourish is proud to be an equal opportunities employer and we actively seek and embrace differences in thinking, experience, ethnicity, age, gender, faith, personalities and styles.

The different skills, experiences and backgrounds our employees bring to their roles creates a diverse and makes Nourish a special place to work.