Information Security Analyst in New England, England at Cera Care
Explore Related Opportunities
Job Description
Position: Information Security Analyst
Contract: Permanent - Full Time
Location: Remote
About Cera:
Cera is a digital-first healthcare-at-home company delivering care, nursing, telehealth and repeat prescription services in peoples homes via technology. In under five years, Cera has expanded to 10,000+ staff across the UK and Germany, delivering 40,000+ healthcare visits a day, and has grown from zero to circa 300m revenues.
Every day, Cera delivers healthcare services equivalent to 40 hospitals or 1,000 care homes, and has grown 100-fold over the past two years making it one of the fastest growing businesses in Europe.
Cera currently holds more than 160+ partnerships with the NHS and local authorities, and the companys technology is used by 2,000+ businesses nationwide. Its technology predicts health deteriorations in patients 30-fold faster than traditional care companies, with its Professional Carers and Nurses responding to over 5,000 high risk alerts each day.
Since the outset of the COVID-19 pandemic, Cera has delivered 10 million healthcare visits in peoples homes, created 10,000 jobs, and licensed its recruitment technology to the UK Government Department of Health to recruit 50,000+ people into healthcare careers.
About the role:
We are seeking a driven and detail-oriented Information Security Analyst to join our growing Information Security team. Reporting to the Information Security Manager, you will play a key role in achieving and maintaining Cyber Essentials Plus (CE+) certification, while supporting our wider ISO27001, NHS Supplier Assurance, and policy and process documentation activities.
This is a fantastic opportunity for someone early in their information security career to develop broad, hands-on experience across certification, audit, risk, and governance work in a fast-growing, technology-enabled healthcare business.
- Support achievement and maintenance of Cyber Essentials Plus (CE+) certification across the business, including coordinating evidence gathering, technical control checks, vulnerability remediation tracking, and liaison with our external certifying body.
- Own day-to-day CE+ compliance monitoring by tracking control implementation, scheduling scans and assessments, and maintaining supporting evidence and documentation ahead of renewal cycles.
- Assist the Information Security Manager with ISO27001 implementation and ongoing management, including gap analysis, evidence collection, internal audit support, and maintenance of the Information Security Management System (ISMS) documentation.
- Support NHS Supplier Assurance activities by completing security questionnaires, gathering evidence, and liaising with NHS and other healthcare partners and their assurance teams.
- Contribute to assisting with the Data Security and Protection Toolkit (DSPT) submission and other healthcare-sector assurance frameworks as required.
- Support policy and process documentation, drafting, formatting, and maintaining information security policies, standards, and procedures, ensuring they remain accurate, current, and accessible.
- Coordinate security questionnaires and due diligence requests from customers, partners, and suppliers across teams, including collating responses, chasing outstanding actions, and maintaining trackers.
- Support the management of security risks by maintaining risk registers, logging identified risks, and tracking remediation actions to closure.
- Help build a strong security culture by helping to organise and deliver security awareness training and communications across the business.
- Assist with internal and external audits through evidence gathering, scheduling, and remediation plan tracking.
- Monitor and research evolving security threats, tools, and regulatory changes relevant to Ceras sector and flag emerging risks or requirements to the Information Security Manager.
- Support security improvement activities by helping to identify control gaps and weaknesses, contributing to remediation plans, and tracking agreed actions through to completion.
What were looking for:
- A proactive, curious mindset above all else. Someone who doesn't shy away from unfamiliar problems, is comfortable saying "I don't know this yet, but I'll figure it out", and sees working outside their comfort zone as part of the role rather than something to avoid
- Good written communication skills, with the ability to draft clear policies and processes and liaise confidently with colleagues and external partners.
- Understanding of the five Cyber Essentials technical control themes (firewalls, secure configuration, user access control, malware protection, patch management)
- Comfort with (or willingness to learn) the technical tools that generate CE+ evidence patch/vulnerability management, MDM/endpoint platforms, configuration baselines
- An interest in developing a career in information security, with enthusiasm for learning frameworks such as Cyber Essentials Plus, ISO27001, NIST and NHS assurance standards.
- Strong organisational skills and attention to detail, with the ability to manage multiple documentation and evidence-tracking tasks at once.
- Desirable but not essential: Understanding of the CE+ audit process, vulnerability scanning, technical verification, evidence/remediation tracking ahead of audit
- Desirable but not essential: exposure to UK healthcare data standards (e.g. DSPT, NHS digital assurance frameworks) or entry-level certifications (e.g. CompTIA Security+, ISO27001 Foundation).
- Desirable but not essential: familiarity with risk registers, audit processes, or GRC (Governance, Risk and Compliance) tools.
What we offer:
- 25 days holiday + your birthday off as well as bank holidays
- Company pension scheme
- Training and development for your role and future career development
- Service and Recognition awards
- We Care our new employee benefits platform which offers shopping discounts and cashback from over 800 retailers
- Employee Assistance Programme
Life at Cera:
We champion diversity, inclusion and well-being to create a workplace where you value yourself and feel proud of who you are. We believe in a world where you have the freedom to explore and express yourself without judgement, no matter who you are or where youre from. Where individuality is a source of confidence, because difference makes the world a better place. People from cultural or gender diverse backgrounds and people with disabilities are encouraged to apply.
Our team is made up of academics, innovators, start-up accelerators and care experts, all connected by a vision to build a better future for care through the combination of best-in-class carers, empowered by technology.