Cyber Security Lead
We’re Doctify
Doctify is the global platform built by doctors for doctors, on a mission to build the largest, most trusted global network of validated healthcare providers and experts. We connect patients with the right doctors, and doctors with respected peers, to ensure better care worldwide. Through verified patient reviews and professional skill endorsements, Doctify creates unmatched credibility for providers and empowers patients to choose care with confidence.
Founded in 2015 and backed by $30m+ in funding, Doctify operates across 7 countries. We are uniting the global healthcare community, one trusted connection at a time.
We do things differently here at Doctify: we are boldly leading a digital revolution in healthcare and are confident in our mission.
About The Role
Security is foundational to the trust that patients place in our platform and the confidence that healthcare providers invest in their professional reputations. We process sensitive healthcare data across seven countries, operate a complex cloud-native platform, and serve a rapidly growing community of patients and clinicians. Getting security right matters deeply.
We’ve built solid and safe foundations; our cloud infrastructure, identity management, and application security are genuinely secure. Now we’re looking for a Cyber Security Lead to own security across the organisation, close the gaps that remain, and set us on a clear trajectory toward a best-in-class security posture. This role is for a hands-on leader with the vision and ambition to grow into a CISO as Doctify continues to scale.
You’ll work closely with the COO on operational security priorities, partner with the VP Engineering on technical architecture and DevSecOps, and engage the full business on security culture. Depending on your approach and the business’s needs, you may lead a small internal team (DevSecOps and/or IT/endpoint) and/or manage outsourced security partners.
You’ll be responsible for
Leadership and ownership of security strategy & roadmap: Owning and delivering a comprehensive, prioritised security plan; translating Doctify's risk profile into a clear programme of work that takes us from our current foundations towards best-in-class maturity, and reporting progress to executive and board level.
Endpoint security & device management: Designing and implementing enterprise-grade endpoint protection across all corporate devices, including EDR, mobile device management, patch management, and device trust controls, and balancing security rigour with a practical, user-friendly approach.
Security operations & visibility: Building out Doctify's security operations capability: integrating SIEM, centralising security event logging, and establishing an active security review process, whether through an internal function or a managed SOC partner.
Cloud & platform security: Owning and continuously improving the security of our AWS and Google Workspace environments, applying CIS benchmarks and industry frameworks, and ensuring our cloud posture keeps pace with the platform's growth.
Application & data security architecture: Partnering with the VP Engineering and engineering teams to embed security into the SDLC, from threat modelling and code review standards to secure data handling practices that protect the sensitive patient and clinician information we steward.
Governance, risk & compliance: Maturing Doctify's security governance framework, maintaining Cyber Essentials certification, formalising risk management methodology, managing the risk register, and driving us towards ISO 27001 or equivalent.
Identity & access management: Strengthening IAM across the organisation, improving SSO centralisation, access controls, and privileged access management to protect both internal systems and our patient and doctor-facing products.
Security awareness & culture: Championing security across the whole business; designing and running training programmes, phishing simulations, and regular communications that build genuine security awareness and a culture of shared ownership.
Incident response & business continuity: Owning Doctify's incident response capability; ensuring the organisation can detect, contain, and recover from security events effectively, with clear playbooks, tested procedures, and appropriate communication protocols.
Vendor & third-party security: Defining and applying security requirements in supplier relationships, managing third-party risk, and overseeing the performance of any outsourced security functions.
Patient & clinician data protection: Taking ownership of our obligations around the security of healthcare data and working in close partnership with our Trust and Legal functions on GDPR compliance, data handling standards, and our broader regulatory posture.
About you
You have a strong track record in senior security roles, ideally at a SaaS, healthtech, or data-intensive scale-up, and you're ready for a step up into a role with full organisational ownership.
You have broad technical depth across cloud security (AWS, Google Workspace), endpoint protection, application security, identity management, and security operations, and you're comfortable going deep where needed.
You are ambitious and strategic: you think in roadmaps, not just tickets, and you have the vision and energy to build towards a CISO role as Doctify continues to grow.
You are an exceptional communicator and able to translate complex, nuanced security challenges into clear language for a non-technical executive team, board, and wider business.
You are hands-on and pragmatic, comfortable making sound, proportionate decisions at pace in a scale-up environment where priorities shift and resources require careful management.
You are familiar with security frameworks and standards including Cyber Essentials, ISO 27001, CIS Benchmarks, NIST, and UK GDPR.
Experience in a regulated environment, particularly one handling sensitive healthcare or personal health information, is a strong advantage.
You are based in the UK and able to work from our London office on a hybrid basis.
You are a natural leader and able to build, manage, and develop a small team and to hold outsourced partners to account, while remaining personally close to the work.
You are genuinely passionate about protecting the patients and doctors who rely on Doctify, and you bring that purpose and care into how you approach the role every day.
What We Offer
At Doctify, we shape careers with purpose. Our benefits are designed to fuel your growth, flexibility, and wellbeing.
🌴 Time off, flexibility & balance
28 days annual leave (25 + 3 between Christmas and New Year), earning up to 30 days leave with tenure
2 weeks of remote working annually (within 3-hour time zone of HQ)
Hybrid working model
Enhanced Parental Leave
Medicash health cash plan
⭐ Setting you up for success
Competitive, benchmarked compensation
3-month immersive onboarding experience
Ongoing learning through expert-led sessions, leadership insights, and soft-skill development
Clear internal mobility pathways to accelerate your career
💙 The uniquely Doctify experience
Daily team huddles to connect, share wins and spark ideas
Regional Lunch Clubs & team socials powered by our Fun Police
Quarterly Doctifier-nominated Impact Awards
Employee referral bonus: £700 (or local equivalent) per hire
🌍 Our Commitment to DEIB
Diversity, equity, inclusion and belonging aren’t just values. They’re at the core of what makes us Uniquely Doctify. These principles shape how we work, how we build our teams, how we design our policies, and how we bring our mission to life.
As a global team, we know that diverse perspectives drive innovation and lead to better outcomes for patients, providers and each other. We’re committed to creating a fair, inclusive environment where everyone is heard, respected and empowered to thrive.
We want to ensure that everyone has an equitable and comfortable experience throughout our hiring process. If you require any adjustments, we’re happy to discuss how we can support you. You can contact us at hiring@doctify.com.
- Department: Technology
- Locations: London
- Remote status: Hybrid
About Doctify
Doctify unites the global healthcare community through connection, credibility, and insight. Our reviews and endorsements empower patients and professionals to make confident choices based on trust.