Dartmouth Partners
Chief Information Security Officer (CISO)
Location: Remote
Reports to: Chief Operations Officer (COO)
Department: Central/Compliance
Hours of work: 35 hours per week (7 hours per day, 5 days per week)
Breaks: One-hour unpaid lunch break
Information security is fundamental to business growth and customer trust. The CISO will lead the security strategy, ensuring best practices are embedded across the organisation. This role requires balancing security with business agility, supporting international expansion, and integrating acquisitions effectively. The CISO will foster a security-conscious culture, manage compliance with relevant standards, and mitigate cybersecurity risks while communicating strategy, risks, and controls to stakeholders at all levels.
Responsibilities
Security Strategy & Compliance
- Develop and drive the strategic security roadmap, aligning with business objectives such as international expansion and acquisition integration.
- Maintain and evolve the information security framework, ensuring compliance with regulations and standards (ISO 27001, GDPR, ISO 9001, UK Data Protection Act, NHS DSPT, SCAL, DTAC, HIPAA, and NIST).
- Lead security due diligence and integration efforts related to M&A activity, both domestically and internationally.
- Serve as the Data Protection Officer (DPO), providing expert advice on data protection, privacy, and regulatory compliance as appropriate.
Security Culture & Awareness
- Promote and embed a culture of security awareness across the organisation.
- Empower employees with training and guidance on security practices.
- Partner with product and engineering teams, embedding secure software development practices (DevSecOps, secure coding standards, OWASP Top 10) into everyday processes.
Risk Management & Operational Security
- Establish and maintain a robust risk management framework, proactively identifying, assessing, and mitigating cybersecurity risks in alignment with business goals.
- Define standards for operational security, including vulnerability management, incident detection and response, threat intelligence, and third-party/vendor security management.
- Oversee the security posture of cloud environments, ensuring secure configurations, proactive threat monitoring, and resilience planning.
Stakeholder Communication
- Act as the key internal and external security spokesperson.
- Confidently communicate security strategy, risks, and controls to the Board, customers, regulators, and other stakeholders.
- Influence executives, investors, and external partners on security-related matters.
Experience
- Proven leadership in information security strategy in a healthtech or healthcare SaaS business, ideally in a growth-focused or PE-backed environment.
- Strong expertise with healthcare SaaS compliance frameworks (ISO 27001, GDPR, NHS DSPT, HIPAA, etc.).
- Experience managing security due diligence and integration during acquisitions.
- Experience building and embedding security frameworks across business and technical teams.
- Operational experience in incident response, vulnerability management, and security monitoring.
- Experience managing security across multiple international jurisdictions (e.g., EU, US, Middle East).
- Experience with NHS-specific compliance frameworks (DSPT, DTAC, SCAL).
- Experience supporting security operations in a company undergoing international expansion.
- Experience in leadership roles that required influencing board-level executives and external stakeholders.