Director of IT & Security

🔒 Confidential Employer
Posted 21 April 2026
LOCATION: London
TYPE: Full-time
LEVEL: Mid-Senior level
CATEGORY: Technology
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

Identity and Access Management, Endpoint Security, Cloud Security, Data Leakage Prevention, Risk Assessment, Security Architecture, MDM, SSO

FULL DESCRIPTION

Director of IT & Security

Build and run the secure internal foundations of a cutting-edge biotech company, protecting data, systems, and workflows in a low-trust environment while enabling fast, reliable scaling.

About the role

We are hiring a Director of IT & Security to design, build, and operate the internal systems and security foundations of [Employer hidden — view at passion-project.co.uk].

This is a hands-on leadership role focused on internal systems, identity, and organisational security.

The role is intentionally centred on building a secure, controlled internal environment that enables rapid and reliable development of our platform, while maintaining clear separation from product and platform engineering responsibilities.

You will take ownership of our internal security posture in a low-trust environment, where sensitive scientific data, proprietary algorithms, and emerging risks — including misuse of AI tools — require strong controls, visibility, and discipline.

Working closely with Engineering, Data, QA/RA, and leadership, you will ensure our internal environment is secure, controlled, and audit-ready, without slowing down the development of our platform.

Tasks and responsibilities

Internal Security & Risk

  • Define and implement a security-first IT architecture across identity, endpoints, SaaS, and corporate cloud systems
  • Operate with a low-trust / zero-trust mindset, minimising implicit trust across users, devices, and services
  • Design and enforce controls to mitigate data leakage risks, including misuse of AI tools and external platforms
  • Lead threat modelling and risk assessments focused on internal and organisational attack surfaces
  • Implement monitoring, logging, and alerting for user, device, and SaaS activity

Be Hands-On with Systems

  • Directly configure and manage:
      • Identity providers
      • MDM / endpoint security
      • Access controls and SaaS configurations
  • Implement and maintain practical controls such as:
      • SSO and conditional access
      • RBAC and least privilege
      • Device compliance and hardening
  • Lead incident response for internal security events

Build Secure Foundations for Growth

  • Establish scalable IT infrastructure supporting company growth and regulatory expectations
  • Implement asset management, access reviews, and lifecycle controls
  • Ensure systems are audit-ready with strong traceability
  • Support compliance with frameworks (ISO 27001, Cyber Essentials Plus, GDPR, etc.)

Define and Enforce Practical Policy

  • Develop enforceable policies for:
      • Acceptable use (including AI tools)
      • Data handling and classification
      • Identity and access management
  • Ensure policies are grounded in real workflows and actively enforced
  • Deliver lightweight training to embed secure behaviours

Partner Across the Organisation

  • Work closely with:
      • Engineering leadership on shared infrastructure boundaries
      • Data teams on secure data access and handling
      • QA/RA on compliance and audit readiness
      • Legal on data protection and risk
  • Act as the internal authority on organisational security and IT risk

Qualifications

Essential

  • Strong hands-on experience in IT and security (identity, endpoints, SaaS, cloud)
  • Experience operating in low-trust or high-sensitivity environments (biotech, fintech, defence, healthcare, etc.)
  • Proven ability to implement practical, enforceable security controls
  • Deep understanding of identity and access management (SSO, RBAC, least privilege)
  • Experience with endpoint security, MDM, and device management
  • Strong knowledge of cloud security fundamentals (focused on internal/corporate environments)
  • Experience mitigating data leakage risks, including AI tool misuse and shadow IT
  • Ability to clearly separate and coordinate with product/platform engineering responsibilities

Desirable

  • Experience with ISO 27001, NIST 800, or Cyber Essentials Plus
  • Familiarity with GxP or other regulated environments
  • Experience supporting audits or certification processes
  • Exposure to scientific or data-intensive organisations
  • Relevant certifications (CISSP, CISM, cloud security)

We offer a competitive salary and benefits package. If you are passionate about developing cutting-edge scientific tools and want to contribute to breakthrough innovations in proteomics, we encourage you to apply!