London, Greater London (Hybrid)
Up to £65,000 per year
Full-time
Permanent

Actively Interviewing

This organisation is scheduling interviews as applications come in. They're ready to hire as soon as they find the right person. Don't miss your opportunity, apply now!

Job description

Title: Security Lead

Reporting To: Director of IT & Security

Location: Hybrid working, with a mix of home and minimum 1 day per week in West London office

Salary: Up to £65,000 per annum
We aim to be transparent about remuneration at MHI. As a charitable organisation, salaries for this role are predetermined and not negotiable. Please consider the advertised salary before applying.

Hours of Work: 40 hours per week, inclusive of a daily 1 hour paid lunch

Contract: Permanent

Benefits:  

  • 25 days annual leave per year, plus public holidays;
  • Company electronic devices;
  • Enhanced salary sacrifice pension scheme;
  • Private health insurance after completion of probation;
  • Eligibility for a Blue Light discount card.

Closing Date: 24th July 2026 at 5pm. We reserve the right to close the job advert early if we receive a high number of applicants.

Job Summary
To operate our information security management system, and maintain Mental Health Innovations’ ISO 27001 certification.

Key Responsibilities

  • Building and maintaining excellent relationships with team leads across the organisation to raise awareness of security and work through issues
  • Deputising for the Director in security matters as required
  • Operation of the ISMS and Data Protection processes
  • Managing risk register, preparing for management review meetings
  • Developing/maintaining controls and ensuring they are implemented across the organisation
  • Refining our security KPIs and maintaining them
  • Proposing actions from KPIs, events and incidents and coordinating resultant work
  • Working with the Director to track threats and vulnerabilities, evaluate risk levels and progress treatment plans
  • Ensuring secure endpoint and cloud posture
  • Working with the team to plan consultancy days; e.g. work items requiring deep knowledge of a specific security domain or a technical specialist
  • Monitoring our processes and suggesting improvements
  • Proposing and progressing other continuous improvement work
  • Feeding into training and awareness programmes and improving security culture
  • Preparing for audits and carrying out remediation work
  • Working with the Director to create, maintain and manage policies and ensure compliance
  • Planning and participating in incident response exercises
  • Managing major incidents and conducting post mortems/reviews

Person Specification

Essential Criteria

  • The ability to learn new skills and technologies quickly
  • Experience of risk management
  • Working knowledge of security standards and frameworks, particularly ISO 27001
  • Knowledge (and preferably experience) of GDPR and DPA 2018
  • Experience of incident management
  • Excellent knowledge of high level security concepts and best practice
  • Excellent documentation skills, including policies and standards
  • Knowledge of the following areas (deeper experience of one or more preferred):
    • Endpoint security
    • Network security
    • Cloud security
    • Application security
    • Identity and access management
    • Secure distributed working practices
  • Excellent written and verbal communicator
  • Ability and desire to learn new tools, skills and consider other perspectives
  • Growth mindset. Comfortable performing a wide range of activities, including stretching to new skill/experience areas
  • Ability to manage own time, confirm priorities and expectations
  • Independent worker who knows when to ask questions
  • Comfortable working with the wider team and organisation
  • Comfortable dealing with ambiguous situations and objectives

Desirable Criteria

  • Don’t worry if you only have some of these - we’d still encourage you to apply.
  • Professional qualifications, such CompTIA+, CISSP, CCSP, ISO 27001 Auditor
  • Exposure to ITIL (ITIL Foundation or higher preferred)
  • Experience in one or more of the following:
    • Cloud (AWS preferred)
    • Salesforce
    • SSO & federated identities
    • Network security, SASE & VPNs
    • Endpoint security
    • Infrastructure security and best practices
    • Working knowledge of encryption technologies
    • Password management and access control
    • Security training and awareness
    • Secure distributed working practices
    • Securing domains
  • Detection and response, with excellent troubleshooting skills
  • Working knowledge of one or more of these tools/products:
    • Salesforce
    • JIRA & Confluence
    • Mac/iOS & Chrome
    • OSWindows/Office365
    • Google Workspace
  • Creative thinker, but understands the importance of seeing a piece of work through to the end and on time
  • Decisive, proactive, knows when to check the boundaries

This role is subject to eligibility to work in the UK, plus satisfactory background and reference checks. 

We understand that AI is increasingly part of everyday life, and you might choose to use it when putting together your application. While AI can be a helpful tool, we ask that anything you submit reflects your own skills, experiences, and perspective. We value authenticity and integrity, and we want to see what you uniquely bring to our team and why our mission resonates with you personally. 

Application resources
Organisation
Mental Health Innovations View profile Organisation type Registered Charity Company size 51 - 100
Posted on: 03 July 2026
Closing date: 24 July 2026 at 17:00
Tags: IT, Data Protection, Security

The client requests no contact from agencies or media sales.