Information Security & Risk Specialist (6-month FTC)
IT
Shoreditch, London, UK
GBP 50k-50k / year
💬 Accurx is solving healthcare productivity for the NHS.
For decades, the NHS has struggled with fragmented systems that make simple tasks feel impossible. At Accurx, we’re changing that by building a single, system-wide platform that helps every patient get gold-standard, efficient, and joined-up care.
What started as a way for GPs to text a patient has now evolved into an all-in-one digital toolkit used by 98% of GP practices.
Our platform now powers Total Triage to manage patient demand, and Self-Book, which lets patients schedule their own appointments in seconds. We’ve automated routine care with Patient Questionnaires for long-term conditions, while Accumail finally allows staff-to-staff communication to happen instantly across different care settings. We’re now pushing the boundaries of the consultation itself with Accurx Scribe, our AI-powered note-taker that drafts medical notes in real-time.
We’re not just shipping features. We’re giving clinicians their time back and ensuring every patient journey is as smooth as it should be.
How this role sits within the function
Reports to: Senior Information Security Officer
Function: Privacy & Information Security
Contract type: Six-month fixed-term contract
This role works day-to-day alongside the Senior Information Security Officer, who owns the GRC framework, ISO 27001 programme, CE+ and DSPT compliance, and the security risk register. It provides dedicated capacity to push forward priority workstreams - particularly risk management, CE+ audit readiness, and data strategy delivery.
Challenges you’ll solve...
Own the security risk register: Facilitate risk assessment sessions with technical and non-technical stakeholders across the business, keep the register current and accurate, and prepare clear risk reporting that translates technical risk into business language.
Drive Cyber Essentials Plus readiness: Coordinate evidence gathering across IT, Platform and Security Engineering ahead of the CE+ deep-dive audit, reviewing controls against requirements and flagging gaps with practical remediation guidance.
Deliver our data classification programme: Work with data owners to classify information assets in line with policy, and push the access control programme forward by reviewing current access patterns and identifying gaps.
Keep risk treatment moving: Track risk treatment actions and follow up with owners so items progress rather than stall, managing milestones and blockers across the risk, CE+, and data workstreams.
Support the wider security programme: Contribute to ISO 27001 and DSPT activities where your work intersects, including evidence collection and control documentation, and support policy and process documentation as needed.
Be a translator between security and the business: Communicate security requirements clearly to engineers, and help non-technical stakeholders understand risk well enough to act on it.
You should apply if...
You have 3–5 years of hands-on experience in information security and risk management, ideally in health-tech or a regulated SaaS environment.
You've run risk sessions, owned a risk register, and prepared risk reporting for senior stakeholders
You've worked through a Cyber Essentials Plus audit cycle yourself
You understand cloud infrastructure, endpoint management, identity and access controls, and network boundaries well enough to hold your own in a technical conversation - you don't need to be a developer.
You have working knowledge of ISO 27001 and Cyber Essentials Plus, and know what "proportionate" looks like in a fast-moving product company.
You write and communicate clearly, structuring your thinking logically so people know what's expected of them and why.
You're comfortable working at pace and without extensive hand-holding, managing your own workload and flagging blockers early.
You care about what Accurx does, and understand that the data we protect belongs to patients and clinicians who trust us with it.
What’s in it for me?
You'll be joining an established but fast-growing Tech for Good movement, led by our Principles and our mission to solve healthcare productivity.
£50k salary
Benefits to suit you: adjust your healthcare cover, your pension or life insurance, whatever stage you’re at in life
Flexible working: We are an office-first culture and ask that you’re in our (dog-friendly) Shoreditch office 3 days a week, with core hours of 10 am - 4 pm
Time off: You’ll get 28 days of holiday (plus bank holidays) and up to 4 weeks to work from anywhere per year
We have our very own Chef! Free healthy breakfasts, snacks and lunches will be provided, with the occasional sweet treat!