About ZAVA:

We're on a mission to provide our patients with healthcare that is accessible and dependable, at a fraction of today's cost. By creating a safe, efficient and convenient approach to healthcare we’ve already provided over 6 million consultations across the UK, Germany, France, and Ireland. 

Our team of Doctors, Engineers, Customer Support Advisors, Marketers, Product Managers, UX Designers, Pharmacists, Commercial & Operations Specialists all work collaboratively to build a digital healthcare platform that enables our patients to find the right healthcare quickly, effectively, and discreetly so they can do more of what matters to them. 

At the end of 2020, we secured a second round of investment and completed two exciting acquisitions in Germany. We're a scaleup company with ambitious growth plans. 

We’re here because we care about healthcare and we plan to be Europe’s biggest digital healthcare provider by 2025. 

About the role:

The digital healthcare market is a very exciting and competitive space that has seen considerable growth over the last few years.

You will be joining ZAVA’s Information Security team to lead the GRC function, reporting to the Head of Information Security and using an innovative and data-driven approach. You will be responsible for the maintenance and continuous improvement of our ISMS as part of our ISO27001 certification. You will be responsible for ensuring information security risks are identified, assessed and governed, as well as communicated to the relevant stakeholders. You will also be driving ZAVA’s security awareness program for improving the company’s security culture.

What can you expect from working with us? / What's in it for you?

Key Accountabilities

  • Managing Information Security’s GRC program
  • Ensuring ZAVA’s ISO27001 certification and ISMS are maintained and continuously improved
  • Carrying out risk assessments and information risk management plans, as well as maintaining security policies
  • Engaging with internal and external stakeholders for information security vendor risk assessments and correspondence
  • Evolving and communicating ZAVA’s internal and third-party information security risk framework
  • Communicating the strategy and vision of the security team
  • Delivering evidence-based metrics and a scoring framework to measure the success of the GRC programme
  • Delivering a security awareness program for improving the security culture of the company

Experience and qualifications:


  • To have the curiosity and drive to solve complex puzzles.
  • Strategic thinking as well as day-to-day problem solving.
  • An initiative-taking, analytical, and methodical approach to problem solving.
  • Ability to work cross-team in an international environment.
  • Excellent written, presentation and verbal skills with fluent English (written and verbal).
  • You will be familiar with security and compliance standards e.g. NIST, ISO 27001, GDPR, SOC2.
  • Previous experience in developing GRC programs.
  • Ability to stay current with industry security news, emerging threats, breaches, vulnerabilities, and governance news.

Line Manager: Head of Information Security

Application Journey:

  • Talent team screening call (20 mins)
  • Hiring Manager screening call (20 mins)
  • Panel Interview (1 hour)

Benefits from the day you join:

  • 25 days holiday + bank holidays + Birthday day off
  • Healthcare cash back plan through SimplyHealth 
  • Access to SimplyHealth advice, counselling and corporate discounts
  • Free access to all services on the ZAVA website
  • Membership to Headspace (mindfulness application)
  • Remote flexible working
  • MacBook Pro
  • Modern office with breakfast, hot drinks, bike storage and shower facilities
  • Dog friendly office

Additional benefits following probation period:

  • £500 training budget per year (after 3 months) 
  • Company sabbatical after 2 years
  • Opportunity to work from overseas for 2 months each year
  • Opportunity to relocate to one of our global offices (dependent upon meeting eligibility criteria)
  • Enrolled on discretionary company bonus scheme

Core working hours

Our core business hours are 9am - 6pm, although flexible working arrangements are available upon agreement with your line manager.
