Requirements

• 8+ years’ experience in cyber and information security and privacy function, including business continuity planning and risk management
  
• Solid understanding of:
  
• Information security frameworks (ISO 27001, NIST, SOC 2)
  
• Risk management and control design
  
• Application, cloud, and API security
  
• Incident response and vulnerability management
  
• Data protection and privacy (GDPR)
  
• Experience in regulated environments (insurtech, fintech, health, insurance, or financial services)
  
• Strong knowledge of business impact assessments, disaster recovery, RTOs/RPOs and system criticality mapping
  
• Hands-on experience with cloud-native environments and modern SaaS architectures
  
• Proven ability to work independently with excellent communication and interpersonal skills, including delivering effective training across the company
  
• Analytical and detail-oriented with a proactive approach to risk identification and mitigation
  
• Experience working across multiple countries or regions is a strong advantage
  

Nice to have:

• Relevant certifications (e.g. CISSP, CISM, ISO 27001 Lead Implementer/Auditor)
  
• Previous experience acting as a DPO
  
• Experience scaling security in a growing or mission-driven organisation
  

Cyber Security & Information Security Leadership

• Own and continuously evolve CarePay’s information security and cyber security strategy
  
• Establish and maintain security policies, standards, and controls appropriate for a growing, international insurtech
  
• Turn policy into practice through effective implementation of policies, standards and controls
  
• Act as CarePay’s primary authority on cyber and information security
  

Data Protection and Privacy

• Ensure appropriate protection of sensitive data, including PII, financial, and health data
  
• Support or act as Data Protection Officer (DPO) where required
  
• Lead or support Data Protection Impact Assessments (DPIAs)
  
• Advise teams on privacy-by-design and data minimisation principles
  

Risk, Governance and Compliance

• Identify, assess, and manage security, technology and privacy risks across products, platforms, and operations
  
• Lead security risk assessments and define pragmatic mitigation plans
  
• Ensure alignment with relevant standards and regulations (e.g. ISO 27001, GDPR, SOC 2, local regulatory requirements)
  
• Prepare for and support audits, certifications, and customer security assessments
  
• Serve as a key point of contact for regulators, partners, and enterprise customers on security matters
  

Secure Product and Platform Enablement

• Partner closely with Engineering and Product teams to embed security by design and secure SDLC practices
  
• Advise on cloud, application, and API security architecture
  
• Oversee vulnerability management, penetration testing, and remediation efforts
  
• Proactively identify emerging threats and weaknesses in CarePay’s technology stack
  

Incident Preparedness and Response

• Design and maintain CarePay’s incident response and breach management processes
  
• Lead security and privacy incident response activities when required, ensuring calm, clear communication and effective coordination
  
• Drive post-incident reviews and continuous improvement
  

Culture, Awareness & Influence

• Build security and privacy awareness across CarePay through training, guidance and practical support
  
• Translate technical security risks into clear business impact for non-technical stakeholders
  
• Act as a trusted advisor to leadership, contributing to long-term technology and risk decisions