
Accurx · London (Shoreditch)
💬 ACCURX IS SOLVING HEALTHCARE PRODUCTIVITY FOR THE NHS. For decades, the NHS has struggled with fragmented systems that make simple tasks feel impossible. At...
For decades, the NHS has struggled with fragmented systems that make simple tasks feel impossible. At Accurx, we’re changing that
by building a single, system-wide platform that helps every patient get gold-standard, efficient, and joined-up care.
What started as a way for GPs to text a patient has now evolved into an all-in-one digital toolkit used by 98% of GP practices.
Our platform now powers Total Triage to manage patient demand, and Self-Book, which lets patients schedule their own appointments
in seconds. We’ve automated routine care with Patient Questionnaires for long-term conditions, while Accumail finally allows
staff-to-staff communication to happen instantly across different care settings. We’re now pushing the boundaries of the
consultation itself with Accurx Scribe, our AI-powered note-taker that drafts medical notes in real-time.
We’re not just shipping features. We’re giving clinicians their time back and ensuring every patient journey is as smooth as it
should be.
This role works day-to-day alongside the Senior Information Security Officer, who owns the GRC framework, ISO 27001 programme, CE+
and DSPT compliance, and the security risk register. It provides dedicated capacity to push forward priority workstreams -
particularly risk management, CE+ audit readiness, and data strategy delivery.
business, keep the register current and accurate, and prepare clear risk reporting that translates technical risk into business
language.
CE+ deep-dive audit, reviewing controls against requirements and flagging gaps with practical remediation guidance.
the access control programme forward by reviewing current access patterns and identifying gaps.
managing milestones and blockers across the risk, CE+, and data workstreams.
evidence collection and control documentation, and support policy and process documentation as needed.
non-technical stakeholders understand risk well enough to act on it.
SaaS environment.
hold your own in a technical conversation - you don't need to be a developer.
product company.
it.
You'll be joining an established but fast-growing Tech for Good movement, led by our Principles and our mission to solve
healthcare productivity.
with core hours of 10 am - 4 pm
💬 ACCURX IS SOLVING HEALTHCARE PRODUCTIVITY FOR THE NHS. For decades, the NHS has struggled with fragmented systems that make simple tasks feel impossible. At Accurx, we’re changing that by building a single, system-wide platform that helps every patient get gold-standard, efficient, and joined-up care. What started as a way for GPs to text a patient has now evolved into an all-in-one digital toolkit used by 98% of GP practices. Our platform now powers Total Triage to manage patient demand, and Self-Book, which lets patients schedule their own appointments in seconds. We’ve automated routine care with Patient Questionnaires for long-term conditions, while Accumail finally allows staff-to-staff communication to happen instantly across different care settings. We’re now pushing the boundaries of the consultation itself with Accurx Scribe, our AI-powered note-taker that drafts medical notes in real-time. We’re not just shipping features. We’re giving clinicians their time back and ensuring every patient journey is as smooth as it should be. CHALLENGES YOU’LL SOLVE... * Own our privacy frameworks end-to-end: Maintain and continuously improve the ROPA, data mapping and third-party risk programme so they're accurate, scalable and understood by the people who use them. * Lead the DPIA process: Run end-to-end assessments for new products, features and integrations, ensuring higher-risk processing gets proper scrutiny and a consistent standard of output. * Be the internal authority on NHS IG: Lead our annual DSPT submission and own day-to-day NHS Information Governance compliance, building deep expertise the business can rely on. * Act as the primary advisory point: Handle the majority of data protection and IG queries from across the business, giving practical, well-reasoned guidance and knowing when to escalate. * Own supplier due diligence: Lead vendor privacy reviews, including DPA reviews, TIAs, DPIAs for high-risk suppliers and security questionnaire reviews. * Handle individual rights requests: Lead on complex or sensitive DSRs, ensuring responses are accurate, timely and well-considered. * Build privacy culture: Design and deliver training and awareness activities that make privacy feel practical and relevant, not a blocker. YOU SHOULD APPLY IF... * You have 4+ years in privacy or data protection, ideally with exposure to health-tech, NHS IG or high-growth technology environments * You're comfortable driving work forward independently - you make confident calls, own your outputs and know when to escalate * You have a strong working knowledge of UK GDPR, DPA 2018, and PECR applied to SaaS products * You've built or maintained privacy frameworks before (ROPA, DPIA programmes, third-party risk management) and understand what makes them work in practice * You see yourself as an enabler, you enjoy working with product and engineering teams and help them build compliance rather than slowing them down * You're a clear, practical communicator who can translate legal requirements into guidance that non-specialists will actually act on * You hold or are working towards a recognised privacy certification (CIPP/E, CIPM, ISEB BCS) WHAT’S IN IT FOR ME? You'll be joining an established but fast-growing Tech for Good movement, where we're led by our Principles and our mission to solve healthcare productivity. * £65,000 - £80,000 salary + share options up to £15,000 * Benefits to suit you: adjust your healthcare cover, your pension or life insurance, whatever stage you’re at in life * Flexible working: We are an office first culture and ask that you’re in our (dog-friendly) Shoreditch office 3 days a week, with core hours of 10am - 4pm * Time off: You’ll get 28 days of holiday (plus bank holidays) and up to 4 weeks to work from anywhere per year * Family matters: We offer enhanced parental leave, fertility support and parental loss support * We have our very own Chef! Free healthy breakfasts, snacks and lunches will be provided, with the occasional sweet treat!
ABOUT ARTEFACT Artefact is a global data and AI consultancy that helps organizations create value from data, technology, and artificial intelligence. Artefact Netherlands works with clients on data-driven transformation, analytics, AI, digital marketing, and technology implementation. As our organization continues to grow, information security is becoming increasingly important for our clients, partners, and internal operations. To strengthen our security posture and meet regulatory and customer requirements, Artefact Netherlands is preparing to implement an Information Security Management System, or ISMS, and work towards ISO 27001 certification. ABOUT THE ASSIGNMENT Artefact Netherlands is looking for a motivated graduation intern who will support the implementation of an Information Security Management System and help prepare the organization for ISO 27001 certification. The goal of the internship is to help Artefact Netherlands reduce information security risks, improve governance, and become demonstrably compliant with relevant regulations and customer requirements. A key part of this objective is achieving readiness for ISO 27001 certification. You will work closely with the Artefact project manager and will have access to relevant policies, systems, documentation, and internal stakeholders. In addition, a sounding board from Artefact’s headquarters in France will be available to provide knowledge, feedback, and alignment with the broader Artefact organization. The scope and timelines of the project are clearly defined. Dedicated time for mentorship and guidance will be provided throughout the internship. YOUR RESPONSIBILITIES During the internship, you may work on activities such as: * Performing an ISO 27001 gap analysis against the current situation. * Supporting the definition of the ISMS scope. * Mapping relevant assets, processes, stakeholders, and information flows. * Supporting the setup of a risk assessment methodology. * Creating or improving the information security risk register. * Identifying required ISO 27001 controls and assessing their applicability. * Supporting the development of a draft Statement of Applicability. * Reviewing and improving information security policies and procedures. * Helping define evidence requirements for certification readiness. * Supporting awareness and communication activities within the organization. * Preparing a practical implementation roadmap towards ISO 27001 certification. * Documenting findings and recommendations in a graduation thesis. The exact scope of the assignment will be aligned with the student’s study program, interests, and graduation requirements. YOUR PROFILE We are looking for a proactive and curious student who is interested in the intersection of information security, business processes, risk management, governance, and organizational change. You are currently studying in a relevant field such as Business IT & Management, HBO-ICT, Cyber Security, Information Security, Information Management, Business Information Technology, IT Service Management, Information Science, or Risk Management/IT Governance. You do not need to be an ISO 27001 expert yet, but you are motivated to learn and enjoy working on topics where technology, organization, risk, and compliance come together. To be successful in this role, you bring: * Analytical skills: You can understand complex processes, identify gaps, structure information, and translate findings into practical recommendations. * Affinity with information security: You are interested in cybersecurity, risk management, compliance, governance, or related topics. Knowledge of ISO 27001 is a plus. * A structured way of working: You can organize your work, document findings clearly, and manage your own deliverables. * Strong communication skills: You are comfortable engaging with different stakeholders and translating complex topics into clear language. * Critical thinking and pragmatism: You can assess risks, challenge assumptions, and balance security requirements with business needs. * Availability: You are available for a 5-6 month graduation internship and are able to work in a hybrid setup from our Utrecht office. WHAT YOU WILL LEARN This internship offers the opportunity to gain hands-on experience with a real ISO 27001 implementation trajectory in a professional consultancy environment. During the internship, you will learn how to: * Set up and structure an Information Security Management System. * Understand the practical application of ISO 27001. * Conduct a security gap analysis. * Perform or support information security risk assessments. * Translate security risks into concrete improvement actions. * Work with governance, policies, procedures, controls, and evidence. * Prepare an organization for certification readiness. * Engage with stakeholders across business, technology, and management. * Balance compliance, risk reduction, and practical implementation. * Work in an international organization with support from both local and global stakeholders. * Develop a graduation thesis with direct practical value. You will gain valuable experience in information security governance, risk management, and compliance. These are highly relevant skills for future roles such as information security officer, security consultant, IT risk consultant, privacy/security analyst, business IT consultant, or GRC specialist. WHAT WE OFFER * A competitive internship salary, an NS Business Card to travel to the office, great office lunches, a strong company culture, and other employee benefits. * A clearly scoped graduation assignment with practical business relevance. * Close collaboration with an Artefact project manager. * Dedicated mentorship and guidance throughout the internship. * Access to relevant policies, systems, documentation, and stakeholders. * A sounding board from Artefact headquarters in France. * Exposure to a professional data, AI, and technology consultancy environment. * Dedicated time to work on your graduation thesis (approximately two days per week). * A hybrid working environment from our Utrecht office. * The opportunity to make a visible contribution to Artefact Netherlands’ information security maturity. INTERESTED? Are you looking for a graduation internship in information security, ISO 27001, risk management, and IT governance? We would like to hear from you. Please send your CV and a short motivation explaining why this assignment interests you. POSSIBLE RESEARCH QUESTION A possible graduation research question could be: How can Artefact Netherlands implement an effective and pragmatic Information Security Management System in order to reduce information security risks and become ready for ISO 27001 certification? This research question can be further refined together with the student and the educational institution to ensure it meets graduation requirements.
About the Role We are looking for a Security & Compliance Engineer to help ensure security across our internal digital landscape. Reporting to Tacton’s Security & Compliance Manager, you will play a key role in ensuring that our systems, integrations, data flows, and vendor ecosystem are secure by design and in operation. This role focuses on internal systems and corporate security architecture, including infrastructure, integrations, and third-party services. You will combine architectural thinking with hands-on expertise and act as a trusted partner to IT, Engineering, and business stakeholders. You will have a direct impact on how we design, connect, and secure our systems as we continue to grow globally. This is a high-impact role for someone who understands modern digital environments and how to secure them end-to-end. What You Will Do Internal Security & Risk Lead security assessments of systems, integrations, and data flows Conduct technical risk analyses for system implementations and vendor onboarding Perform threat modelling and security reviews Define and implement security requirements for infrastructure and cloud environments Help establish and maintain security guardrails across identity, access, encryption, and integrations Proficiency in risk management Knowledge of emerging cybersecurity threats and trends Vendor & Third-Party Security Define and enforce security requirements in procurement processes Conduct supplier security assessments and due diligence Evaluate third-party risks from a cybersecurity perspective Governance & Compliance Maintain alignment with ISO 27001 and SOC 2 Type II Contribute to policies, standards, and security guidelines Support incident investigations Act as a subject matter expert in audits and internal forums What Will Help You Thrive 5+ years of experience in cybersecurity, information security, or a related field Strong technical foundation in cloud, networking, identity & access management, and system integrations Strong communication and stakeholder management skills Experience conducting technical risk assessments and security reviews Familiarity with ISO 27001 and SOC 2 Type II Ability to understand complex system landscapes and data flows Comfortable working cross-functionally with IT, Engineering, and Legal Certifications such as CISSP, CISM, or CISA are a plus Degree in Computer Science, Engineering, or a related field Who We’re Looking For We’re looking for someone with a strong hands-on, doer mentality who is focused on getting things done and creating real impact. You are pragmatic, prestigeless, and motivated by outcomes. You thrive in dynamic environments where responsibilities are broad, and you feel comfortable navigating uncertainty and solving problems independently. You are curious by nature, proactive in your approach, and continuously looking to learn and improve both yourself and the way things are done. Why Tacton? At Tacton, we’ve been building CPQ software for over 20 years. We’re a stable company with global customers and a product that’s central to how manufacturers sell We offer competitive benefits, flexibility in how we work, and a culture that values learning and collaboration A solid and stable company with over 20 years of industry experience. Flexible hybrid setup - 3x a week at the office 33 days of paid time off – 30 vacation days plus 3 extra to make sure you get the rest you deserve. Premium occupational pension – Our pension plan goes beyond ITP1, with higher employer contributions depending on your age and salary level. Generous wellness allowance – 5,000 SEK annually to support your health and wellbeing. Private healthcare insurance – Skip the waiting lines and get quick access to private medical care, including specialist consultations and treatments. Parental leave top-up – We top up your parental leave so you receive up to 90% of your base salary for up to 6 months, helping you focus on your family without financial stress Weekly treats – Fika one week, breakfast the next, because good food brings people together. This role is based in Stockholm, where we have invested in creating our unique home right next to Hötorget station. Tacton is a leading Software as a Service company trusted by global manufacturers. We got started in the late 1990s when six computer scientists figured out a revolutionary way to help Manufacturers overcome their most business-critical, product configuration challenges. Since those early days, we have grown to support global manufacturers seeking to thrive in a changing world. We invite you to find out more about us @ www.tacton.com/about