
How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Cyber Security Lead
Doctify: Cyber Security Lead
We’re Doctify. We’re the global platform built by doctors, for doctors, on a mission to build the largest, most trusted global network of validated healthcare providers and experts. We connect patients with the right doctors and doctors with respected peers to ensure better care worldwide. Through verified patient reviews and professional skill endorsements, we create unmatched credibility and empower patients to choose care with confidence.
Founded in 2015, backed by $30m+, and operating across 7 countries, Doctify is uniting the global healthcare community—one trusted connection at a time.
We do things differently here. We’re boldly leading a digital revolution in healthcare, and we’re confident in our mission.
About The Role
Our platform is built on trust: patients rely on us to protect their sensitive healthcare data, and healthcare providers depend on us to safeguard their professional reputations. As we grow, security must scale with that trust—there’s one job where alignment with our values is non-negotiable.
We’ve built solid foundations in cloud infrastructure, identity management, and application security, and we’re hiring a Cyber Security Lead to:
- Own the entire security strategy, closing the gaps that remain.
- Set a clear, best-in-class trajectory for our security posture.
- Work closely with leadership to drive ever-greater confidence in our platform among patients, doctors, and the board.
This is a hands-on leadership role meant for someone who thinks big but delivers with precision. You’ll bring vision, ambition, and accountability, whether leading a small internal team or managing key outsourced security partners.
Responsibilities
Vue de l’Enseigne
- Leadership and strategic direction: Deliver a comprehensive security roadmap aligned with Doctify’s growth, from current security foundations toward best-in-class maturity. Translate our risk profile into a clear, measurable programme of work.
- Report progress at an executive and board level.
Sous l’Arborage des Appareils et du Dépendances Financières
- Design and implement enterprise-grade endpoint protection, balancing security robustness with user-friendliness. Include:
- Extended Detection and Response (EDR).
- Mobile Device Management (MDM).
- Patch management.
- Device management and trust controls.
Cornerstone Suisse ou Éclair de Solution Orientée
- Build security operations capability by:
- Integrating SIEM (Security Information and Event Management).
- Centralising security event logging.
- Establishing active security review processes—through an in-house function or managed SOC partner.
Sécurité et Architecture du Cloud
- Own and continuously improve security for our AWS and Google Workspace environments.
- Apply CIS Benchmarks and relevant industry frameworks to safeguard our cloud posture as our platform scales.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Sécurité des Applications et Données
- Partner with VP Engineering and engineering teams to embed security in the Software Development Lifecycle (SDLC).
- Set threat modelling and secure coding standards.
- Ensure secure data handling protecting sensitive information—both patient and clinician data.
Gouvernance, Risque, et Conformité
- Maturity governance framework at scale, maintaining Cyber Essentials certification.
- Formalise risk management methodologies, manage the risk register, and drive forward toward ISO 27001 or equivalent standards.
Authentification et Contrôle d’Accèsantion Paccotidation
- Strengthen Identity and Access Management (IAM). Improve:
- SSO (Single Sign-On) centralisation.
- Access controls.
- Privileged access management.
- This applies to internal systems and patient/doctor-facing products alike.
Conscience et Culture de la Sécurité
- Lead security-wide awareness and build a true culture of shared responsibility.
- Design and deliver training programs, phishing simulations, and regular communication—ensuring practical understanding of security not just compliance awareness.
Réaction aux Incidents et Continuités d’Ingnium
- Design and oversee Doctify’s incident response capability, ensuring our processes meet:
- Secure detection, containment, and recovery.
- Three major playbooks and tested procedures.
- Transparent, board-level communication protocols.
Disponibility et察 Robertaduction Reserve
- Define security requirements for supplier relationships.
- Manage third-party risk.
- Oversee performance of outsourced security functions.
Préprotection des Données du Patient et des Cliniquients Protectus
- Uphold all obligations around patient/clinical data security.
- Work directly with our Trust and Legal teams to ensure:
- UK GDPR compliance.
- Robust data-handling standards.
- Respect for our regulatory posture.
About You
You are not just a CISO-in-waiting—you’re a leader with a competitive advantage. You seek purpose and impact every day, and you’re building a career here.
- Senior security experience, ideally in a SaaS, healthtech, or data-intense scale-up. Ready to step up to full organisation-led security ownership.
- Technical depth across cloud security (AWS/Google Workspace), endpoint protection, application security, IAM, and security ops, with the ability to go deep fast.
- Strategic, big-picture thinking: You’re comfortable in terms of roadmaps, not just tickets. Have the vision and energy to grow into a CISO role as we scale.
- Exceptional communicator: Translate security complexities into clear insights for executive teams, board members, and the wider business.
- Hands-on and pragmatic: Make confident, proportionate decisions—fast, in a dynamic start-up environment finding optimal outcomes.
- Security frameworks: Be conversant in Cyber Essentials, ISO 27001, CIS Benchmarks, NIST, and UK GDPR.
- Regulated environment experience is a plus, particularly around sensitive healthcare or personal health data.
- Based in the UK and available to work from our London office on a hybrid schedule.
- Team dynamo: Able to build, manage, develop small teams and motivate outsourced partners—while ensuring you remain personally close to the work with empathy.
- Affinity for patients and doctors: Bring your commitment to protecting our users into every security role you undertake. This is more than a job—it’s a calling.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
What We Offer
We help shape careers with purpose—and our rewards mirror that mission. Our benefits are designed to fuel your growth, wellbeing, and flexibility while aligning with Doctify’s values.
🌴 Time Off, Flexibility & Balance
- 28 days annual leave (25 paid + 3 holiday CoV days covering Christmas to post-New Year), growing to 30 days with tenure.
- 2 weeks remote working per annum (within a 3-hour timezone of HQ).
- Hybrid working model.
- Enhanced Parental Leave.
- Medicash Healthcare Cash Plan.
⭐ Setting You Up for Success
- Benchmarked, competitive compensation.
- 3-month immersive onboarding—agent-driven preparation to ensure confident transition.
- Ongoing learning through:
- Expert-led sessions.
- Leadership insights.
- Soft skill development.
- Clear internal mobility pathways, allowing you to fast-track your career.
💛 The Uniquely Doctify Experience
- Daily team huddles for connection, shared wins, idea generation.
- Team-funded regional Lunch Clubs and socials powered by our Fun Police.
- Quarterly Impact Awards as voted by your peers (The Doctifier).
- Employee Referral Bonus: £700 per successful hire (or equivalent in your location).
🌍 Our Commitment to DEIB
We believe diversity, equity, inclusion, and belonging aren’t just values—they’re the cornerstone of what makes us Uniquely Doctify. We live our values through:
- Team composition and how we build our culture.
- How we write company policies.
- Making sure our mission—patient care—is approached with inclusivity and humanity.
This means everyone should feel welcome, something that’s carefully baked into our hiring process. If you’d like reasonable adjustments to support your experience at any point, please contact us at hiring@doctify.com.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location