Cybersecurity & Compliance Specialist
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Salvone Technology Solutions is hiring a Cybersecurity & Compliance Specialist to own the security posture and drive certifications like ISO 27001, Cyber Essentials Plus, and NHS DSPT.
Key Skills for This Role
Responsibilities
- Run vulnerability management end to end: scanning, triage, remediation tracking, and verification
- Oversee patch compliance and hardening baselines across cloud, servers, and endpoints
- Monitor security events and alerts through SIEM (Wazuh), investigate anomalies, and tune detection
- Maintain endpoint protection coverage and review logs for early signs of compromise
- Track and reduce security debt with clear owners and dates
- Drive ISO 27001 programme day to day: maintain ISMS, implement controls, prepare for audits
- Deliver Cyber Essentials Plus and NHS DSPT submission, keeping evidence current year round
- Assemble and maintain NHS DTAC assessment packs for platforms
- Maintain a single, audit ready control and evidence library; run and improve compliance tooling
- Maintain Record of Processing Activities (ROPA) and data retention schedules
- Run Data Protection Impact Assessments (DPIAs) for new systems and data flows
- Operate data subject request and breach processes, including ICO notification timelines
Requirements
- 2–4 years in a cybersecurity, GRC, or security focused IT role
- Hands on contribution to at least one compliance framework — ISO 27001, Cyber Essentials, SOC 2, or NHS DSPT
- Working knowledge of UK GDPR / Data Protection Act 2018 in practice
- Familiarity with cloud security (AWS preferred): IAM, security groups, GuardDuty, Config, and logging
- Microsoft 365 / Entra ID security: conditional access, MFA, and Secure Score
- Exposure to vulnerability management and SIEM tooling (Wazuh, Sentinel, Splunk, or similar)
- Scripting for automation: Python, Bash, or PowerShell
- Strong documentation discipline
- Clear written and spoken English
Full Job Posting
About Salvone
- Salvone Technology Solutions is the technology arm of one of the leading UK healthcare providers across hospitals, residential homes, supported living, and nursing services.
- We design and operate the platforms, ERP, integrations, analytics, and workforce systems that power operations, compliance, and care delivery across the group.
- We are hiring a Cybersecurity & Compliance Specialist to be the hands on engine of our security and compliance programme.
Key Responsibilities
- Run vulnerability management end to end: scanning, triage, remediation tracking, and verification with the infrastructure team.
- Oversee patch compliance and hardening baselines across cloud, servers, and endpoints.
- Monitor security events and alerts through our SIEM (Wazuh), investigate anomalies, and tune detection.
- Maintain endpoint protection coverage and review logs for early signs of compromise.
- Track and reduce security debt with clear owners and dates.
- Drive the ISO 27001 programme day to day: maintain the ISMS, implement and evidence controls, and prepare for internal and external audits.
- Deliver Cyber Essentials Plus and the NHS DSPT submission, keeping evidence current year round rather than scrambling at deadline.
- Assemble and maintain NHS DTAC assessment packs for our platforms — clinical safety, data protection, technical security, interoperability, and usability.
- Maintain a single, audit ready control and evidence library; run and improve compliance tooling (e.g. Vanta, Drata) where adopted.
- Maintain the Record of Processing Activities (ROPA) and data retention schedules.
- Run Data Protection Impact Assessments (DPIAs) for new systems and data flows.
- Operate the data subject request and breach processes, including ICO notification timelines.
Required Qualifications
- 2–4 years in a cybersecurity, GRC, or security focused IT role.
- Hands on contribution to at least one compliance framework — ISO 27001, Cyber Essentials, SOC 2, or NHS DSPT.
- Working knowledge of UK GDPR / Data Protection Act 2018 (or an equivalent data protection regime) in practice, not just theory.
- Familiarity with cloud security (AWS preferred): IAM, security groups, GuardDuty, Config, and logging.
- Microsoft 365 / Entra ID security: conditional access, MFA, and Secure Score.
- Exposure to vulnerability management and SIEM tooling (Wazuh, Sentinel, Splunk, or similar).
- Scripting for automation: Python, Bash, or PowerShell.
- Strong documentation discipline. If it isn’t written down, it didn’t happen.
- Clear written and spoken English; able to write a policy someone will actually read.
Desirable Skills
- ISO 27001 Lead Implementer or Lead Auditor certification; Cyber Essentials assessor experience.
- NHS DTAC, DSPT, or clinical safety exposure (DCB0129 / DCB0160).
- Security certifications: CompTIA Security+, SSCP, AZ 500, AWS Security Specialty, CEH, or working towards CISSP.
- Compliance automation tooling (Vanta, Drata, or similar).
- Experience in a regulated industry — healthcare, finance, or public sector.
- Penetration testing fundamentals and a solid grasp of OWASP.
- Container and image scanning; zero trust networking (Tailscale or similar).
- Healthcare integration or data context (HL7, FHIR, Mirth).
What We’re Looking For
- Beyond the checklist, we value people who are methodical, evidence driven, and pragmatic about risk.
- Ownership mentality: you see a gap, you log it, you close it, and you evidence it.
- Pragmatism: you can tell a real risk from a theoretical one and prioritise accordingly.
- Documentation discipline: policies, runbooks, and evidence kept current as a matter of habit.
- Calm under pressure: some of what we protect runs 24/7 in clinical settings.
What Success Looks Like
- By 90 days: A clear inventory of systems, data flows, identities, and secrets, with the riskiest gaps logged and owned.
- By 90 days: ISO 27001 gap analysis supported and the evidence library structured.
- By 90 days: ROPA started and the first DPIAs underway.
- By 90 days: Early, visible posture wins shipped with the infrastructure team.
- By 6 months: ISO 27001 certification achieved.
- By 6 months: Cyber Essentials Plus passed, and DSPT submitted at 'Standards Met' or higher.
- By 6 months: DTAC packs assembled and current for our in scope platforms.
- By 6 months: Quarterly access reviews, incident drills, and supplier reviews running as routine.
Location
- Dubai (Preferred)
- Work Location: In person
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Salvone Technology Solutions DMCC
Accounts Receivable Officer -Credit Control (Healthcare RCM)
Dubai, UAE
Salvone Technology Solutions is seeking an experienced Accounts Receivable Officer for credit control in healthcare RCM, supporting UK operations remotely from Dubai. The role involves managing collections from council f
E-Commerce Growth Strategist
, UAE
Salvone Technology Solutions is launching a premium DTC wellness brand in the UAE and seeks a hands-on E-Commerce Growth Strategist to own the commercial launch end-to-end. You will build the online store, acquire custom
Cybersecurity & Compliance Specialist
Dubai, UAE
Salvone Technology Solutions is hiring a Cybersecurity & Compliance Specialist to own the day-to-day security posture and drive certifications like ISO 27001, Cyber Essentials Plus, and NHS DSPT. The role requires 2-4 ye
Senior Software Engineer — .NET & Python
Dubai, UAE
Salvone Technology Solutions is hiring a Senior Software Engineer with deep C#/.NET and Python skills to design, extend, and maintain applications for healthcare operations. The role involves full-stack development, inte
Jr. Accountant - Accounts Receivable
Dubai, UAE
Job Type: Full-time Work Location: In person Role Overview We are looking for a proactive and relationship-focused Accounts Receivable / Credit Control Specialist to join the AR team. The successful candidate will be res
Senior Software Engineer – Healthcare Integrations (HL7/FHIR, Python, Odoo)
Dubai, UAE
About the Role We are looking for a Senior Software Engineer to lead the design and delivery of healthcare integrations and ERP solutions. This role focuses on building and maintaining integrations across clinical, opera
Senior Accountant for F&B Operations
Dubai, UAE
Role Summary The Senior Accountant for F&B Operations will be responsible for managing the day-to-day accounting and financial operations related to F&B entities across multiple jurisdictions. The role will oversee finan
Lead Developer
Dubai, UAE
Job Title Development Lead (Full Stack | Systems | Integrations) Location Dubai, UAE (Office-based) Job Type Full-time Salary Competitive, based on experience Job Summary We are hiring a Development Lead to own the end-t
Accounts Receivable Officer -Credit Control (Healthcare RCM)
Dubai, UAE
E-Commerce Growth Strategist
, UAE
Cybersecurity & Compliance Specialist
Dubai, UAE
Senior Software Engineer — .NET & Python
Dubai, UAE
Jr. Accountant - Accounts Receivable
Dubai, UAE
Senior Software Engineer – Healthcare Integrations (HL7/FHIR, Python, Odoo)
Dubai, UAE
Senior Accountant for F&B Operations
Dubai, UAE
Lead Developer
Dubai, UAE