Information Security Specialist
đ Worldwide
Management
Finance
Machine Learning
Design
Cybersecurity
Devops
Security Engineer
Information Security Specialist
from đ Worldwide
Location:
- UK basedÂ
- Willingness & flexibility to travel to UK locations, when required to support InfoSec work. (Kidlington & Exeter) - circa varies 1-3 days per quarterÂ
- Very Occasional travel to Dublin HQ (Glasnevin) as needed to support audit workÂ
Right to Work
- We are unable to offer visa sponsorship for this role.
Reporting & work teamÂ
- You'll report to and work closely with the Information Security Lead, as well as Cybersecurity Engineering, DevOps, IT, Data Governance, and AI Governance to embed secure-by-design practices across the organisation.
About this RoleÂ
- Information securityunderpins all of our business activities, including AI development
- and compliance with Medical Device regulations
- This role is ideal for a hands-on security specialist who supports the ISMS, validates controls for themselves, and drives continuous improvement with energy and pragmatism.
- This rolemoves away from traditional GRC and leans into modernising it - moving teams towards always-on compliance and consistently demonstrating business value in the activities we run.
- You'll work across the business as someone who meets challenges head-on, brings people with them, and makes security work in practice, not just on paper.
What This Is Not
- Not a paper-only ISMS role or tick-box compliance exercise. The clear expectation here is you take hands-on ownership of effective controls, not just documentation.
- Not a technical incident response role. Security operations is handled separately.
- Not a bureaucratic or gatekeeping function. Our priority goal is to enable the business, not slow it down.Â
- Not a role for someone who prefers to escalate as a first port of call. We value/ reward people who find the answer and move things forward.
- Not a 'policing' role. We focus on shared responsibility and enabling teams to move fast safely.
More specifically;
- This role involves protecting systems and data that directly support cancer diagnostics and drug development, security work with real-world consequence.
- This is ahands-on, delivery-focused rolesuited to someone who thrives in a very fast-moving environment.
- Success requires a pragmatic approach, strong judgement, and the ability to navigate challenges, remove obstacles, and drive progress at pace.
ISMS & Certifications
- We hold ISO 27001 certification across our core business units and are expanding coverage as we grow.
- Support the day-to-day running of theISO 27001 ISMS across ourDeciphex business units (Deciphex, Diagnexia & Patholytix)Â
- Prepare forinternal and external audits so that teams are ready, controls are functioning, and evidence is complete. Audit readiness as a steady state.
- Contribute to continuous improvement initiatives. Iidentify what needs to change, make the case, and see it through.
- Proactively identify and close gaps in the control framework, driving corrective actions (CAPAs) to closure
- Build and maintain areliable evidence pipeline with clear ownership and high completeness.Â
- Assess whichISMS activities deliver measurable business value- and be willing to challenge or retire processes that aren't.
Security Governance & Risk
- Maintain a live, decision-orientedrisk register with owners and mitigation plans.
- Champion arisk-aware culture where decisions are informed by risk, not paralysed by it.
- Develop and maintain policies and procedures that reflect how the business actually operates (not a unworkable bottleneck)Â
- Supportvendor and customer security due diligence in support of commercial and product needs.Â
- Contribute totabletop exercises (e.g. incident response, business continuity)
- Maintain awareness of applicable regulatory requirements (EU AI Act, GDPR, HIPAA, MDR/IVD) and ensure the ISMS remains aligned with our other Certifications and Standards
Technical Oversight
- Defineevidence expectations for technical controls (SIEM, EDR, MFA, RBAC, vulnerability management).
- Go and check: verify controls independently rather than relying on assertions; if something looks wrong, investigate and resolve it.
- Support site reliability and resilience initiatives
Awareness & Security Culture
- Build engaging security awareness trainingthat changes behaviour, not just completion rates.
- Act as a visible, approachable point of contact for information security questions to enable change across the business
- Translate security requirements into plain languagefor non-technical audiences without losing accuracy or impact.
Skills and Experience
Required
- 5+ years in Information Security / ISMS operations.
- Ideally in med tech/ clinical or lifesciencesÂ
- Hands-on ISO 27001 exposure â internal audit and management review experience.Â
- Experience withexternal auditfrom both certified bodies and clients
- Strong documentation and stakeholder-management discipline.
- Ability to translate technical controls into practical action.
- Familiarity with cloud security fundamentalsÂ
Preferred
- Hands-on experience withSOC2, CIS, ISO 27701, CE+
- CISSP or equivalent
- Technical background and control implementation experience
- Experience working with engineering teams.
- Experience with cloud environments
Success IndicatorsÂ
- Audits donât have surprises, are predictable, well-prepared, and low friction.
- Responses to security reviews enable rather than delay business outcomes.
- Security risks are visible, owned, and actively managed.
- Security is seen as a trusted business partner with teams proactively involving security early in product and commercial decisions rather than at the end
Soft skills (we hire for will as equally as skill)Â
- This role is likely to suit someone who enjoys working in a fast-paced, growing environment where resources may be more limited and priorities can shift quickly. Those accustomed to highly structured organisations with large, specialised teams may find the pace and breadth of responsibility either challenging or highly rewarding, depending on their preferred way of working.
- Comfortable working with a high degree of autonomy - you naturally lead &Â take ownership of priorities and make progress without the need for close supervision or extensive direction.
- Â Your well able to navigate ambiguity, exercise sound judgement, and build effective relationships across a matrixed, globally distributed organisation to deliver results.
What are the benefits of working with Deciphex?Â
đŹ Work that saves lives. Every day, your contribution moves the needle on patient outcomes that actually matter.
đ Join a team people leave other companies for. World-class talent, hyper-growth environment, zero mediocrity.
đ Grow fast, on purpose. Regular feedback, clear progression, and real career momentum built in from day one.
đĄ Work from where you do your best thinking. A flexible, hybrid model that trusts you to manage your time like an adult.
âď¸ Take your work global. Eligible employees can work from abroad for up to a month each year. Yes, really.
đ° Paid fairly, rewarded for performance. Competitive salary with annual increments tied to what you actually deliver.
đ Recharge properly. Generous annual leave plus a fully paid Christmas shutdown.
đ A team that spans cultures, not just time zones. Genuinely collaborative, genuinely supportive, no politics.
The above Job Description reflects the requirements of this position at the time of issue. As duties and responsibilities change and develop, this will be reviewed and may be subject to amendments.
About Us
Through the work that we do, the team atDeciphex helps pharma to accelerate the process of essential drug development and helps cancer patients get a timely and accurate diagnosis.Â
Founded in Dublin in 2017, Deciphex has scaled rapidly to a team of over 230 people and counting who are providing software solutions to address the pathology gap in research pathology and clinical areas. We have offices in Dublin, Exeter, Oxford, Chicago and Toronto, and are expanding our team throughout the world.Â
We are software developers, clinical specialists, artificial intelligence engineers, operations professionals and so much more, all working as one team to support our customers and patients.
Read more about Deciphex here and more about our incredible team on our Careers Pageher
Deciphex is an equal opportunities employer and we are committed to the principle of equality. All qualified applicants will be considered for employment without regard to age, race, religious beliefs, political views, gender identity, affectional or sexual orientation, national origin, family or marital status (including pregnancy), disability, membership of the travelling community or any other classification protected by applicable law.
A copy of our Privacy Policy can be viewedhereÂ







