
Accurx · London (Shoreditch)
💬 ACCURX IS SOLVING HEALTHCARE PRODUCTIVITY FOR THE NHS. For decades, the NHS has struggled with fragmented systems that make simple tasks feel impossible. At...
For decades, the NHS has struggled with fragmented systems that make simple tasks feel impossible. At Accurx, we’re changing that
by building a single, system-wide platform that helps every patient get gold-standard, efficient, and joined-up care.
What started as a way for GPs to text a patient has now evolved into an all-in-one digital toolkit used by 98% of GP practices.
Our platform now powers Total Triage to manage patient demand, and Self-Book, which lets patients schedule their own appointments
in seconds. We’ve automated routine care with Patient Questionnaires for long-term conditions, while Accumail finally allows
staff-to-staff communication to happen instantly across different care settings. We’re now pushing the boundaries of the
consultation itself with Accurx Scribe, our AI-powered note-taker that drafts medical notes in real-time.
We’re not just shipping features. We’re giving clinicians their time back and ensuring every patient journey is as smooth as it
should be.
This role works day-to-day alongside the Senior Information Security Officer, who owns the GRC framework, ISO 27001 programme, CE+
and DSPT compliance, and the security risk register. It provides dedicated capacity to push forward priority workstreams -
particularly risk management, CE+ audit readiness, and data strategy delivery.
business, keep the register current and accurate, and prepare clear risk reporting that translates technical risk into business
language.
CE+ deep-dive audit, reviewing controls against requirements and flagging gaps with practical remediation guidance.
the access control programme forward by reviewing current access patterns and identifying gaps.
managing milestones and blockers across the risk, CE+, and data workstreams.
evidence collection and control documentation, and support policy and process documentation as needed.
non-technical stakeholders understand risk well enough to act on it.
SaaS environment.
hold your own in a technical conversation - you don't need to be a developer.
product company.
it.
You'll be joining an established but fast-growing Tech for Good movement, led by our Principles and our mission to solve
healthcare productivity.
with core hours of 10 am - 4 pm
💬 ACCURX IS SOLVING HEALTHCARE PRODUCTIVITY FOR THE NHS. For decades, the NHS has struggled with fragmented systems that make simple tasks feel impossible. At Accurx, we’re changing that by building a single, system-wide platform that helps every patient get gold-standard, efficient, and joined-up care. What started as a way for GPs to text a patient has now evolved into an all-in-one digital toolkit used by 98% of GP practices. Our platform now powers Total Triage to manage patient demand, and Self-Book, which lets patients schedule their own appointments in seconds. We’ve automated routine care with Patient Questionnaires for long-term conditions, while Accumail finally allows staff-to-staff communication to happen instantly across different care settings. We’re now pushing the boundaries of the consultation itself with Accurx Scribe, our AI-powered note-taker that drafts medical notes in real-time. We’re not just shipping features. We’re giving clinicians their time back and ensuring every patient journey is as smooth as it should be. CHALLENGES YOU’LL SOLVE... * Own our privacy frameworks end-to-end: Maintain and continuously improve the ROPA, data mapping and third-party risk programme so they're accurate, scalable and understood by the people who use them. * Lead the DPIA process: Run end-to-end assessments for new products, features and integrations, ensuring higher-risk processing gets proper scrutiny and a consistent standard of output. * Be the internal authority on NHS IG: Lead our annual DSPT submission and own day-to-day NHS Information Governance compliance, building deep expertise the business can rely on. * Act as the primary advisory point: Handle the majority of data protection and IG queries from across the business, giving practical, well-reasoned guidance and knowing when to escalate. * Own supplier due diligence: Lead vendor privacy reviews, including DPA reviews, TIAs, DPIAs for high-risk suppliers and security questionnaire reviews. * Handle individual rights requests: Lead on complex or sensitive DSRs, ensuring responses are accurate, timely and well-considered. * Build privacy culture: Design and deliver training and awareness activities that make privacy feel practical and relevant, not a blocker. YOU SHOULD APPLY IF... * You have 4+ years in privacy or data protection, ideally with exposure to health-tech, NHS IG or high-growth technology environments * You're comfortable driving work forward independently - you make confident calls, own your outputs and know when to escalate * You have a strong working knowledge of UK GDPR, DPA 2018, and PECR applied to SaaS products * You've built or maintained privacy frameworks before (ROPA, DPIA programmes, third-party risk management) and understand what makes them work in practice * You see yourself as an enabler, you enjoy working with product and engineering teams and help them build compliance rather than slowing them down * You're a clear, practical communicator who can translate legal requirements into guidance that non-specialists will actually act on * You hold or are working towards a recognised privacy certification (CIPP/E, CIPM, ISEB BCS) WHAT’S IN IT FOR ME? You'll be joining an established but fast-growing Tech for Good movement, where we're led by our Principles and our mission to solve healthcare productivity. * £65,000 - £80,000 salary + share options up to £15,000 * Benefits to suit you: adjust your healthcare cover, your pension or life insurance, whatever stage you’re at in life * Flexible working: We are an office first culture and ask that you’re in our (dog-friendly) Shoreditch office 3 days a week, with core hours of 10am - 4pm * Time off: You’ll get 28 days of holiday (plus bank holidays) and up to 4 weeks to work from anywhere per year * Family matters: We offer enhanced parental leave, fertility support and parental loss support * We have our very own Chef! Free healthy breakfasts, snacks and lunches will be provided, with the occasional sweet treat!
ABOUT ARTEFACT Artefact is a global data and AI consultancy that helps organizations create value from data, technology, and artificial intelligence. Artefact Netherlands works with clients on data-driven transformation, analytics, AI, digital marketing, and technology implementation. As our organization continues to grow, information security is becoming increasingly important for our clients, partners, and internal operations. To strengthen our security posture and meet regulatory and customer requirements, Artefact Netherlands is preparing to implement an Information Security Management System, or ISMS, and work towards ISO 27001 certification. ABOUT THE ASSIGNMENT Artefact Netherlands is looking for a motivated graduation intern who will support the implementation of an Information Security Management System and help prepare the organization for ISO 27001 certification. The goal of the internship is to help Artefact Netherlands reduce information security risks, improve governance, and become demonstrably compliant with relevant regulations and customer requirements. A key part of this objective is achieving readiness for ISO 27001 certification. You will work closely with the Artefact project manager and will have access to relevant policies, systems, documentation, and internal stakeholders. In addition, a sounding board from Artefact’s headquarters in France will be available to provide knowledge, feedback, and alignment with the broader Artefact organization. The scope and timelines of the project are clearly defined. Dedicated time for mentorship and guidance will be provided throughout the internship. YOUR RESPONSIBILITIES During the internship, you may work on activities such as: * Performing an ISO 27001 gap analysis against the current situation. * Supporting the definition of the ISMS scope. * Mapping relevant assets, processes, stakeholders, and information flows. * Supporting the setup of a risk assessment methodology. * Creating or improving the information security risk register. * Identifying required ISO 27001 controls and assessing their applicability. * Supporting the development of a draft Statement of Applicability. * Reviewing and improving information security policies and procedures. * Helping define evidence requirements for certification readiness. * Supporting awareness and communication activities within the organization. * Preparing a practical implementation roadmap towards ISO 27001 certification. * Documenting findings and recommendations in a graduation thesis. The exact scope of the assignment will be aligned with the student’s study program, interests, and graduation requirements. YOUR PROFILE We are looking for a proactive and curious student who is interested in the intersection of information security, business processes, risk management, governance, and organizational change. You are currently studying in a relevant field such as Business IT & Management, HBO-ICT, Cyber Security, Information Security, Information Management, Business Information Technology, IT Service Management, Information Science, or Risk Management/IT Governance. You do not need to be an ISO 27001 expert yet, but you are motivated to learn and enjoy working on topics where technology, organization, risk, and compliance come together. To be successful in this role, you bring: * Analytical skills: You can understand complex processes, identify gaps, structure information, and translate findings into practical recommendations. * Affinity with information security: You are interested in cybersecurity, risk management, compliance, governance, or related topics. Knowledge of ISO 27001 is a plus. * A structured way of working: You can organize your work, document findings clearly, and manage your own deliverables. * Strong communication skills: You are comfortable engaging with different stakeholders and translating complex topics into clear language. * Critical thinking and pragmatism: You can assess risks, challenge assumptions, and balance security requirements with business needs. * Availability: You are available for a 5-6 month graduation internship and are able to work in a hybrid setup from our Utrecht office. WHAT YOU WILL LEARN This internship offers the opportunity to gain hands-on experience with a real ISO 27001 implementation trajectory in a professional consultancy environment. During the internship, you will learn how to: * Set up and structure an Information Security Management System. * Understand the practical application of ISO 27001. * Conduct a security gap analysis. * Perform or support information security risk assessments. * Translate security risks into concrete improvement actions. * Work with governance, policies, procedures, controls, and evidence. * Prepare an organization for certification readiness. * Engage with stakeholders across business, technology, and management. * Balance compliance, risk reduction, and practical implementation. * Work in an international organization with support from both local and global stakeholders. * Develop a graduation thesis with direct practical value. You will gain valuable experience in information security governance, risk management, and compliance. These are highly relevant skills for future roles such as information security officer, security consultant, IT risk consultant, privacy/security analyst, business IT consultant, or GRC specialist. WHAT WE OFFER * A competitive internship salary, an NS Business Card to travel to the office, great office lunches, a strong company culture, and other employee benefits. * A clearly scoped graduation assignment with practical business relevance. * Close collaboration with an Artefact project manager. * Dedicated mentorship and guidance throughout the internship. * Access to relevant policies, systems, documentation, and stakeholders. * A sounding board from Artefact headquarters in France. * Exposure to a professional data, AI, and technology consultancy environment. * Dedicated time to work on your graduation thesis (approximately two days per week). * A hybrid working environment from our Utrecht office. * The opportunity to make a visible contribution to Artefact Netherlands’ information security maturity. INTERESTED? Are you looking for a graduation internship in information security, ISO 27001, risk management, and IT governance? We would like to hear from you. Please send your CV and a short motivation explaining why this assignment interests you. POSSIBLE RESEARCH QUESTION A possible graduation research question could be: How can Artefact Netherlands implement an effective and pragmatic Information Security Management System in order to reduce information security risks and become ready for ISO 27001 certification? This research question can be further refined together with the student and the educational institution to ensure it meets graduation requirements.
Ready to do the most impactful work of your career? At Coinbase, we are uncompromising on our mission to increase economic freedom. The bar is high, the environment is intense, and we like it that way. This isn't a place for complacency, it’s a place to be pushed past your perceived limits. If you're ready to build the future of finance alongside people who refuse to settle for "good enough," you belong here. Coinbase is a remote-first, but not remote-only company. Expect to get together quarterly for intense in-person working sessions called “surges.” learn more about working at Coinbase. STAFF SOFTWARE ENGINEER (EAA) The Customer Administration Engineering (CAE) team within Coinbase's Enterprise Applications and Architecture org builds and operates Control Center, the secure platform powering customer data operations for approximately 7,000 internal users across CX, Compliance, Legal, Global Investigations, and Trust and Risk. As a Staff Software Engineer, you'll be the technical anchor driving Control Center's evolution from a human-specialist UI into a modular, AI-agent-ready operations platform exposing capabilities via MCP for both human and autonomous consumers. You'll lead architectural decisions, mentor engineers, and deliver high-impact platform capabilities at an exciting inflection point for the product. What you'll do: * Own the architecture and delivery of foundational platform capabilities including MCP tool registries, AI orchestration layers, risk-based access automation, and the away-team contribution model that enables product groups to build on Control Center safely and at speed. * Drive Control Center's evolution into an AI-agent-ready, headless operations platform by designing MCP procedure constructs, agentic guardrails, HITL orchestration, and evaluation frameworks for secure autonomous operations. * Lead technical direction across the team in partnership with the Engineering Manager and Product, authoring TDDs, running design reviews, decomposing complex initiatives into deliverable milestones, and mentoring engineers through code review. * Build highly reliable, secure distributed backend services, owning SLO definitions, observability instrumentation, incident response, and operational readiness for Tier-1 systems serving thousands of internal users and AI agents. * Partner across EAA, Product Engineering, and Security Engineering teams to deliver cross-functional outcomes and drive shared platform primitives that eliminate duplicated infrastructure. Required Skills and Experience: * 8+ years of software engineering experience with a demonstrated track record architecting and delivering large-scale, high-traffic distributed systems, including deep proficiency in backend service design, API development (gRPC, MCP, GraphQL), and scalable microservices architectures. * Proven ability to independently lead ambiguous, high-impact technical initiatives from whiteboard to production, writing high-quality, well-tested code that sets the standard across multi-team problem spaces. * Hands-on experience with cloud-native infrastructure including AWS, Kubernetes, Terraform, CI/CD pipelines, event-driven architectures (Kafka, MQ), distributed caching, and SQL or NoSQL databases. * Track record building secure, compliant internal tools or platforms with deep appreciation for security controls, access management, audit logging, and data governance in a regulated environment. * Experience building or integrating with agentic AI systems including MCP servers, LLM orchestration layers, RAG pipelines, HITL workflows, or evaluation and guardrail frameworks, with proficiency in Go and willingness to work across Python. * Utilizes generative AI responsibly, maintaining human oversight to deliver business-ready outputs and drive measurable improvements in workflow efficiency, cost, and quality. Job #: P67493 Pay Transparency Notice: Base salary varies by location (see range below). Total compensation may also include equity and bonus eligibility, and benefits (medical, dental, vision, 401(k)). Annual base salary range (excluding equity and bonus): $218,025—$256,500 USD * Application Limit: Candidates may submit a maximum of 3 applications within a 6-month period. * Equal Opportunity Employer: Coinbase is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or genetic information. Applicants with criminal histories will be considered consistent with applicable federal, state, and local laws. * US Applicants: View Employee Rights, Know Your Rights, and E-Verify Notice of Participation. * Accommodations: If you are an individual with a disability who needs a reasonable accommodation, email us your request and contact info at accommodations[at]coinbase.com. Need screen reading technology? Click here to download a free compatible screen reader and view the tutorial. * Data Privacy & Arbitration: By submitting your application, you agree to our Candidate Privacy Notice. US applicants: By submitting your application, you agree to Arbitration of Disputes.