IT Security & Compliance Lead
VIA HealthTechVIA HealthTech automates psychotherapy documentation — from session notes to psychological reports — so therapists spend less time on admin and more time with patients.
We work at the intersection of mental healthcare, AI, and software. Security is central to what we build: we process highly sensitive data and already hold C5 and ISO27001 certification.
Tasks
We are looking for a hands-on IT Security & Compliance Lead to own security and compliance end-to-end at VIA.
This is a broad role in a small team. You will not only define policies — you will implement systems, configure tools, improve cloud and product security, run audits, and work directly with engineering to make security a practical part of how we build.
Your goal is to make VIA more secure while helping the team move faster, not slower.
What you’ll do
- Own internal IT security end-to-end: devices, access management, 2FA, endpoint protection, policies, onboarding and offboarding
- Professionalize and operate our internal IT setup
- Own IT Compliance (ISO27001 and C5), including audits, evidence management, policies, risk management, corrective actions, auditor communication, and internal training
- Improve cloud security across infrastructure, access control, encryption, logging, monitoring, and operational processes
- Work closely with engineering on product security across web, desktop, mobile, backend, and AI-related systems
- Help embed security into the development lifecycle without creating unnecessary overhead
- Coordinate external security work such as penetration tests, security reviews, and vendor assessments where needed
- Identify security gaps, prioritize what matters, and implement pragmatic improvements
Requirements
Required:
- Strong hands-on experience in IT Security, Information Security, Cloud Security, or a closely related field
- Practical experience securing cloud-based software products and internal IT environments
- Solid understanding of IAM, endpoint security, device management, encryption, logging, access control, and incident response
- Experience with ISO27001 and/or C5, ideally including audit ownership or major audit involvement
- Ability to work directly with engineering teams on technical security topics
- Strong operational ownership: you see what needs to be done and make it happen
- Pragmatic judgment: you know how to raise the security bar without blocking a fast-moving team
- Clear communication and comfort working in an async-first startup environment
Nice to have:
- Experience in healthcare, regulated environments, or companies handling highly sensitive data
- Experience with application security, secure SDLC, threat modeling, or vulnerability management
- Experienc
Opens the company's application page
Listed via
Arbeitnow
arbeitnow.com
Similar roles
Design & Tech
Related reads from TCHNX

The Quiet Revolution in Local-First Software
As major platforms face outages and data breaches, a new generation of developers is building applications that prioritise local data storage and peer-to-peer sync, challenging the cloud-first orthodoxy that's dominated tech for two decades.

The Quiet Revolution in Edge AI: Why Your Next Computer Might Not Need the Cloud
As neural processing units become standard in consumer devices, we're witnessing a fundamental shift in how AI applications work. Local processing is no longer a fallback; it's becoming the preferred architecture.

The Rise of AI-Assisted Code Generation 2: Are Developers Becoming Prompt Engineers?
As AI coding assistants reshape software development, the industry grapples with a fundamental question: is writing code giving way to writing prompts? We examine how London's tech scene is adapting to this seismic shift.

