Director of IT & Security Full Time

About the roleWe are hiring a Director of IT & Security to design, build, and operate the internal systems and security foundations of Portal Biotech.This is a hands-on leadership role focused on internal systems, identity, and organisational security.The role is intentionally centred on building a secure, controlled internal environment that enables rapid and reliable development of our platform, while maintaining clear separation from product and platform engineering responsibilities.You will take ownership of our internal security posture in a low-trust environment, where sensitive scientific data, proprietary algorithms, and emerging risks — including misuse of AI tools — require strong controls, visibility, and discipline.Working closely with Engineering, Data, QA/RA, and leadership, you will ensure our internal environment is secure, controlled, and audit-ready, without slowing down the development of our platform.Tasks and responsibilitiesInternal Security & RiskDefine and implement a security-first IT architecture across identity, endpoints, SaaS, and corporate cloud systemsOperate with a low-trust / zero-trust mindset, minimising implicit trust across users, devices, and servicesDesign and enforce controls to mitigate data leakage risks, including misuse of AI tools and external platformsLead threat modelling and risk assessments focused on internal and organisational attack surfacesImplement monitoring, logging, and alerting for user, device, and SaaS activityBe Hands-On with SystemsDirectly configure and manage:Identity providersMDM / endpoint securityAccess controls and SaaS configurationsImplement and maintain practical controls such as:SSO and conditional accessRBAC and least privilegeDevice compliance and hardeningLead incident response for internal security eventsBuild Secure Foundations for GrowthEstablish scalable IT infrastructure supporting company growth and regulatory expectationsImplement asset management, access reviews, and lifecycle controlsEnsure systems are audit-ready with strong traceabilitySupport compliance with frameworks (ISO 27001, Cyber Essentials plus, GDPR, etc.)Define and Enforce Practical PolicyDevelop enforceable policies for:Acceptable use (including AI tools)Data handling and classificationIdentity and access managementEnsure policies are grounded in real workflows and actively enforcedDeliver lightweight training to embed secure behavioursPartner Across the OrganisationWork closely with:Engineering leadership on shared infrastructure boundariesData teams on secure data access and handlingQA/RA on compliance and audit readinessLegal on data protection and riskAct as the internal authority on organisational security and IT riskQualificationsEssentialStrong hands-on experience in IT and security (identity, endpoints, SaaS, cloud)Experience operating in low-trust or high-sensitivity environments (biotech, fintech, defence, healthcare, etc.)Proven ability to implement practical, enforceable security controlsDeep understanding of identity and access management (SSO, RBAC, least privilege)Experience with endpoint security, MDM, and device managementStrong knowledge of cloud security fundamentals (focused on internal/corporate environments)Experience mitigating data leakage risks, including AI tool misuse and shadow ITAbility to clearly separate and coordinate with product/platform engineering responsibilitiesDesirableExperience with ISO 27001, NIST 800, or Cyber Essentials (plus)Familiarity with GxP, or regulated environmentsExperience supporting audits or certification processesExposure to scientific or data-intensive organisationsRelevant certifications (CISSP, CISM, cloud security)We offer a competitive salary and benefits package. If you are passionate about developing cutting-edge scientific tools and want to contribute to breakthrough innovations in proteomics, we encourage you to apply!