Location:
- UK based
- Willingness & flexibility to travel to UK locations (Kidlington & Exeter) when required to support InfoSec work - varies, circa 1-3 days per quarter
- Very occasional travel to Dublin HQ (Glasnevin) as needed to support audit work
Right to Work
- We are unable to offer visa sponsorship for this role.
Reporting & work team
- You'll report to and work closely with the Information Security Lead, as well as Cybersecurity Engineering, DevOps, IT, Data Governance, and AI Governance to embed secure-by-design practices across the organisation.
About this Role
- Information security underpins all of our business activities, including AI development and compliance with Medical Device regulations.
- This role is ideal for a hands-on security specialist who supports the ISMS, validates controls for themselves, and drives continuous improvement with energy and pragmatism.
- This role moves away from traditional GRC and leans into modernising it - moving teams towards always-on compliance and consistently demonstrating business value in the activities we run.
- You'll work across the business as someone who meets challenges head-on, brings people with them, and makes security work in practice, not just on paper.
What This Is Not
- Not a paper-only ISMS role or tick-box compliance exercise. The clear expectation here is you take hands-on ownership of effective controls, not just documentation.
- Not a technical incident response role. Security operations is handled separately.
- Not a bureaucratic or gatekeeping function. Our priority goal is to enable the business, not slow it down.
- Not a role for someone who prefers to escalate as a first port of call. We value and reward people who find the answer and move things forward.
- Not a 'policing' role. We focus on shared responsibility and enabling teams to move fast safely.
More specifically:
- This role involves protecting systems and data that directly support cancer diagnostics and drug development, security work with real-world consequence.
- This is a hands-on, delivery-focused role suited to someone who thrives in a very fast-moving environment.
- Success requires a pragmatic approach, strong judgement, and the ability to navigate challenges, remove obstacles, and drive progress at pace.
ISMS & Certifications
- We hold ISO 27001 certification across our core business units and are expanding coverage as we grow.
- Support the day-to-day running of the ISO 27001 ISMS across our Deciphex business units (Deciphex, Diagnexia & Patholytix)
- Prepare for internal and external audits so that teams are ready, controls are functioning, and evidence is complete. Audit readiness as a steady state.
- Contribute to continuous improvement initiatives. Identify what needs to change, make the case, and see it through.
- Proactively identify and close gaps in the control framework, driving corrective actions (CAPAs) to closure
- Build and maintain a reliable evidence pipeline with clear ownership and high completeness.
- Assess which ISMS activities deliver measurable business value - and be willing to challenge or retire processes that aren't.
Security Governance & Risk
- Maintain a live, decision-oriented risk register with owners and mitigation plans.
- Champion a risk-aware culture where decisions are informed by risk, not paralysed by it.
- Develop and maintain policies and procedures that reflect how the business actually operates (not an unworkable bottleneck)
- Support vendor and customer security due diligence in support of commercial and product needs.
- Contribute to tabletop exercises (e.g. incident response, business continuity)
- Maintain awareness of applicable regulatory requirements (EU AI Act, GDPR, HIPAA, MDR/IVD) and ensure the ISMS remains aligned with our other Certifications and Standards
Technical Oversight
- Define evidence expectations for technical controls (SIEM, EDR, MFA, RBAC, vulnerability management).
- Go and check: verify controls independently rather than relying on assertions; if something looks wrong, investigate and resolve it.
- Support site reliability and resilience initiatives
Awareness & Security Culture
- Build engaging security awareness training that changes behaviour, not just completion rates.
- Act as a visible, approachable point of contact for information security questions to enable change across the business
- Translate security requirements into plain language for non-technical audiences without losing accuracy or impact.
Skills and Experience
Required
- 5+ years in Information Security / ISMS operations.
- Ideally in med tech / clinical or life sciences
- Hands-on ISO 27001 exposure — internal audit and management review experience.
- Experience with external audit from both certified bodies and clients
- Strong documentation and stakeholder-management discipline.
- Ability to translate technical controls into practical action.
- Familiarity with cloud security fundamentals
Preferred
- Hands-on experience with SOC2, CIS, ISO 27701, CE+
- CISSP or equivalent
- Technical background and control implementation experience
- Experience working with engineering teams.
- Experience with cloud environments
Success Indicators
- Audits don't have surprises: they are predictable, well-prepared, and low friction.
- Responses to security reviews enable rather than delay business outcomes.
- Security risks are visible, owned, and actively managed.
- Security is seen as a trusted business partner with teams proactively involving security early in product and commercial decisions rather than at the end
Soft skills (we hire for will as much as skill)
- This role is likely to suit someone who enjoys working in a fast-paced, growing environment where resources may be more limited and priorities can shift quickly. Those accustomed to highly structured organisations with large, specialised teams may find the pace and breadth of responsibility either challenging or highly rewarding, depending on their preferred way of working.
- Comfortable working with a high degree of autonomy - you naturally lead & take ownership of priorities and make progress without the need for close supervision or extensive direction.
- You're well able to navigate ambiguity, exercise sound judgement, and build effective relationships across a matrixed, globally distributed organisation to deliver results.
What are the benefits of working with Deciphex?
Work that saves lives. Every day, your contribution moves the needle on patient outcomes that actually matter.
Join a team people leave other companies for. World-class talent, hyper-growth environment, zero mediocrity.
Grow fast, on purpose. Regular feedback, clear progression, and real career momentum built in from day one.
Work from where you do your best thinking. A flexible, hybrid model that trusts you to manage your time like an adult.
✈️ Take your work global. Eligible employees can work from abroad for up to a month each year. Yes, really.
Paid fairly, rewarded for performance. Competitive salary with annual increments tied to what you actually deliver.
Recharge properly. Generous annual leave plus a fully paid Christmas shutdown.
A team that spans cultures, not just time zones. Genuinely collaborative, genuinely supportive, no politics.
The above Job Description reflects the requirements of this position at the time of issue. As duties and responsibilities change and develop, this will be reviewed and may be subject to amendments.
About Us
Through the work that we do, the team at Deciphex helps pharma to accelerate the process of essential drug development and helps cancer patients get a timely and accurate diagnosis.
Founded in Dublin in 2017, Deciphex has scaled rapidly to a team of over 230 people and counting who are providing software solutions to address the pathology gap in research pathology and clinical areas. We have offices in Dublin, Exeter, Oxford, Chicago and Toronto, and are expanding our team throughout the world.
We are software developers, clinical specialists, artificial intelligence engineers, operations professionals and so much more, all working as one team to support our customers and patients.
Read more about Deciphex here and more about our incredible team on our Careers Page here.
Deciphex is an equal opportunities employer and we are committed to the principle of equality. All qualified applicants will be considered for employment without regard to age, race, religious beliefs, political views, gender identity, affectional or sexual orientation, national origin, family or marital status (including pregnancy), disability, membership of the travelling community or any other classification protected by applicable law.
A copy of our Privacy Policy can be viewed here