Cyber Security Lead

Big Picture Medical

About us:

Big Picture Medical is on a mission to revolutionise healthcare delivery on a global scale. As a growing health-tech company, we’re pioneering new models of collaborative, distributed, and intelligent care to optimise the utilisation of healthcare resources, and enhance patient outcomes.

Joining our team means being part of an exciting journey filled with advanced and innovative product developments. With over 60 employees across our Sydney, Australian and London offices, we’re a scale-up company committed to further growth and exploration. 

At BPM, we promote a workplace culture that embraces teamwork, diversity, and inclusion. Our aim is to empower our teams, ensure talent is fostered, and create a high-performance culture where individuals of all backgrounds and skill-sets feel included and confident to perform at their best.

This is your opportunity to be at the forefront of healthcare innovation. Join us as we shape the future of patient care and make a difference in communities around the globe!

About the role:

As a Cyber Security Lead/Architect, you’ll be responsible for cyber security across our cloud business platform, product development stack, and lifecycle activities. You’ll design and implement security structures to thwart intrusions, then test and audit the cyber security landscape on an ongoing basis. Importantly, you’ll ensure our maturity and compliance with ISO 27001 and take us through the recertification process. Your ultimate goal is to provide actionable risk management across our critical infrastructure, protect our rapidly scaling business, and build a culture of cyber awareness and resilience.

You may recommend appointing a Managed Security Services provider. With regard to our product development lifecycle, you’ll inject security practices into our DevOps pipeline, so that we incorporate security into all stages of the software design and development workflow (DevSecOps).

Based in Sydney, you’ll report to the Chief Technology and Engineering Officer, and collaborate intensely with our cloud platform, product management, data management, and stakeholder experience teams. 

Requirements

A typical day in this role might look like:

  • Reviewing current systems security measures, developing strategies and a security roadmap (HIPAA, Cyber Essentials, ISO 27001, SOC2), and implementing enhancements.
  • Conducting regular system tests and ensuring continuous monitoring of network security.
  • Promoting cyber security awareness and helping build a culture of resilient behaviours and mindsets across the ecosystem. 
  • Establishing disaster recovery procedures and conducting training and drills.
  • Promptly responding to all security incidents and providing thorough post-event analysis. 
  • Implementing and managing DevSecOps to ensure our product and features roadmap is secure by design.
  • Supporting ISO 27001 recertification such that as the business scales, the risks are demonstrably managed. 
  • Leading SOC2 certification preparations. 

Who/what are we looking for?

  • Personal style: You’re perceptive, empathetic, and self-aware, with strong collaboration skills. This makes you persuasive and also pragmatic in achieving outcomes.
  • Communication: You interact with numerous internal and external groups and work closely with enterprise, solution and data architects and engineers. You also work day to day with software engineering and product teams to embed effective DevSecOps. So you must have fluency with the language of these groups and be able to communicate and coach at the business and conceptual level as well as the detailed technical level.
  • You have mastered the application of DevSecOps design patterns, principles, and practices to achieve DevSecOps maturity on the cloud.
  • You have a deep understanding of how new technologies and advanced architecture paradigms impact and transform the IT security landscape.
  • You have a good working knowledge of related technologies/concepts, including cloud platforms, operating systems (Docker, containers, AWS), networking, programming and scripting languages.
  • You have experience with Security Solution design and architecture, can model problems, and achieve an outcome.
  • You can juggle innovation adoption with risk management/mitigation, supporting tech teams with moving quickly whilst keeping them aware of cyber risks, providing guardrails and options to progress in a pragmatic way while still observing security principles.
  • You have the ability to thrive in a dynamic organisation that is rapidly evolving, and navigate the ambiguity, change, and challenge this environment occasionally creates.
  • You have full (AUS/UK) working rights.

Your Experience:

  • A degree in Information Technology, Computer Science or related field is expected.
  • You may have additional advanced security qualifications such as SABSA (Sherwood Applied Business Security Architecture) or relevant Certifications.
  • You should have a DevSecOps certification to validate skills for designing, assessing and securing services and solutions on the cloud.
  • 5+ years’ experience in information security and/or IT risk management, including implementing:
    • DevSecOps functions
    • Security solutions
    • Multi-factor authentication, single sign-on, identity management, access management or related technologies
    • Implementation of ISO 27001 and/or NIST/COBIT/SOC2 frameworks
    • Demonstrated ability to interact with a broad cross-section of stakeholders to explain and enforce security measures
  • Vulnerability management in the CI/CD lifecycle
  • Experience with Data Security and Data Governance practices
  • Strong understanding of GDPR, having proposed and/or designed solutions to meet GDPR requirements
  • Strong security policy and procedure development skills
  • In-depth experience in risk management and incident response processes and workflows
  • Experience with Vendor Risk assessments
  • Strong experience in security management and operations for Endpoint management and Cloud services
