Nourish Care is the UK market leader in digital social care planning. Our SaaS platform empowers care providers to deliver more transparent, coordinated, and person-centred care. With thousands of care services already using our product, we are scaling fast and aiming even higher - our mission is simple: better care for all.
About the Job
We're looking for an experienced Head of Information Security to lead and scale Nourish's security strategy in a fast-paced, cloud-native, multi-product SaaS environment. You'll be responsible for safeguarding the confidentiality, integrity, and availability of customer and business data, and for embedding security into everything from DevSecOps pipelines to our commercial practices.
You'll play a pivotal role in meeting the expectations of enterprise customers, regulators, and auditors alike, guiding the business through certifications like ISO 27001, Cyber Essentials Plus, and SOC 2, while partnering with engineering and product teams to ensure security is treated as a product feature, not a compliance tick-box.
Key Responsibilities
Strategic Leadership
Develop and own Nourish's SaaS security roadmap, aligned with growth, architecture evolution, and compliance needs
Act as the subject matter expert on all things security, internally and externally (customers, partners, prospects, auditors)
Support Sales and Customer Success in security assurance and due diligence processes (e.g. RFPs, InfoSec questionnaires)
Own Nourish's external security posture, including input to Trust Centre, whitepapers, and customer-facing documentation
Product & Platform Security
Champion secure-by-design principles across the software development lifecycle
Own DevSecOps processes: shift-left security, secrets management, CI/CD hardening, container security, vulnerability scanning
Collaborate with Product and Engineering teams on threat modelling, penetration testing, and remediation efforts
Select, implement, and manage key SaaS security tooling (e.g. SAST/DAST, SIEM, CSPM, endpoint protection, IAM)
Ensure alignment with cloud-native architecture and tooling (we primarily use AWS, GitHub Actions, and Terraform)
Compliance & Assurance
Lead ongoing readiness and evidence for ISO 27001, SOC 2 Type I & II, and Cyber Essentials Plus
Maintain and evolve the ISMS in line with business growth and operational maturity
Maintain the security risk register, treatment plans, and internal audit programme
Collaborate with Compliance and DPO on data protection alignment (e.g. DPIAs, vendor risk, breach response)
Operational Security
Own incident response procedures, including tabletop exercises and post-mortems
Oversee endpoint and cloud security tooling, logging, and alerting (in collaboration with DevOps/IT)
Manage business continuity and disaster recovery processes from a security perspective
Culture & Governance
Deliver internal training and awareness programmes across the business
Lead monthly security KPIs and reports into SMT and governance forums
Monitor emerging threats, SaaS-specific security risks, and evolving regulation to inform strategy
Drive a strong security culture across the business through storytelling, education, and leadership
Key Deliverables
Successful recertification of ISO 27001 and Cyber Essentials Plus
SOC 2 Type I and II: audit readiness, gap closure, and ongoing assurance
Up-to-date ISMS documentation and live security risk register
Completion of security training for >95% of staff within policy windows
Continuous improvement in internal vulnerability management and response SLAs
Measurable maturity improvements in DevSecOps and SaaS infrastructure controls
Demonstrated impact on commercial outcomes via faster security assurance for enterprise deals
Your Background
Proven experience leading security in a B2B SaaS company, ideally in healthtech, govtech, or another regulated vertical
Deep understanding of cloud-native architecture (AWS preferred) and SaaS security challenges (multi-tenancy, authN/Z, data segregation)
Hands-on familiarity with common tools across the security stack (e.g. Terraform, GitHub Actions, Datadog, Snyk, AWS Config, CrowdStrike)
Experience managing ISO 27001, SOC 2, or equivalent frameworks in production environments
Strong communicator who can balance risk with pragmatism and align security priorities with business goals
Experience scaling security capabilities alongside company growth and product maturity
Nourish Benefits:
25 days paid leave, plus public holidays
Additional incremental leave for length of service, up to 5 days
Private Medical Insurance including a personal health plan
Group Life Assurance
Employee Referral Bonus Scheme
Enhanced Maternity leave
Pension Contribution
Employee Assistance Programme
Birthday Day off
and many more.
All positions at Nourish are subject to a satisfactory Enhanced Disclosure and Barring Service check, references and receipt of the appropriate Right to Work documents. Nourish is proud to be an equal opportunities employer and we actively seek and embrace differences in thinking, experience, ethnicity, age, gender, faith, personalities and styles.
The different skills, experiences and backgrounds our employees bring to their roles create diversity and make Nourish a special place to work.