Security & Privacy – AI Specialist

Spectrum.Life.com

Office

United Kingdom, Republic of Ireland, Northern Ireland

Full Time

About Us:

Spectrum.Life is a whole-of-health digital partner that guides organisations and their people to thrive, delivering clinically backed digital health, mental health and wellbeing solutions.

Our HealthTech delivers digital transformation for Insurers, Educators and Employers through co-creation or seamlessly integrated out-of-the-box solutions that decrease digital fragmentation and engage, empower, and transform their people’s lives.

Established in 2018 by Stuart McGoldrick and Stephen Costello, Spectrum.Life provides services internationally to over 7.2m insurance members, 3,000 corporate clients, 60 universities and 650,000 university students. Spectrum.Life currently employs over 350 people.

Our vision is to change and save as many lives as possible.

Role Brief:

Spectrum.Life is rapidly expanding its use of AI-driven tools, including Heidi AI (medical transcription), Fin (AI-powered customer support), and Dr. Jay (medical guidance). These initiatives provide significant opportunities for efficiency and innovation but also introduce major security, privacy, and compliance risks, especially given the sensitive nature of personal and health data.
The Security & Privacy – AI Specialist will provide dedicated oversight of these systems and others, ensuring their deployment and use complies with GDPR, ISO 27001/27701, and the forthcoming EU AI Act, while embedding privacy and security by design. This role is critical to enabling safe AI innovation without regulatory, reputational, or security setbacks.

Responsibilities:

1. Oversight of AI Systems
  • Monitor and govern AI tools (e.g., Heidi AI, Fin, Dr. Jay) to ensure secure and compliant handling of sensitive data.
  • Implement technical controls for anonymisation, redaction, and encryption.
  • Continuously monitor prompts, outputs, and integrations for inappropriate or risky use.
2. Compliance Leadership
  • Lead GDPR and ISO 27001/27701 compliance for all AI initiatives, including DPIAs, lawful basis analysis, and data subject rights management.
  • Drive readiness for the EU AI Act, classifying AI systems and ensuring conformity with high-risk AI obligations (documentation, oversight, transparency).
  • Support AI and broader compliance through monitoring, risk detection, and the development of responsible AI practices, privacy notices, and documentation.
3. Risk Management & Security Integration
  • Assess and mitigate risks of data leakage from AI systems.
  • Evaluate vendor security for third-party AI and non-AI providers and enforce contractual safeguards.
  • Align AI systems with existing information security frameworks, including incident response and access controls.
  • Contribute to ISMS management/audits, controls, upkeep, and compliance monitoring.
4. Policy, Governance & Training
  • Draft and maintain an AI Acceptable Use Policy and internal guidance on security, privacy, and AI usage.
  • Deliver training for staff and stakeholders on responsible AI usage and risk awareness.
  • Promote privacy-by-design and security-by-design in all AI projects.
5. Business Enablement
  • Serve as subject-matter expert for AI security and privacy, advising technical and non-technical stakeholders.
  • Support innovation by ensuring compliance guardrails are built into AI projects from inception.
  • Provide reporting and insights on AI risk, usage, and compliance status to leadership.
  • Support Privacy Team case management with subject rights requests, incidents, internal queries and case resolution.

Requirements:

  • Degree or Equivalent Experience: A degree in Cyber Security, Computer Science, or a related discipline, or equivalent proven professional experience.
  • Data Protection Expertise: Proven knowledge of GDPR, EU AI Act, ISO 27001/27701, and privacy impact assessments.
  • Security Knowledge: Strong grasp of encryption, access controls, vendor risk management, and incident response.
  • AI Literacy: Understanding of AI/ML technologies, their risks, and governance requirements.
  • Governance & Policy Development: Experience drafting policies, embedding privacy/security by design, and running training programmes.
  • Stakeholder Management: Skilled in engaging technical and business teams, regulators, and external partners.

Desirable:

  • Professional experience in security, privacy, or compliance roles within highly regulated industries (healthcare, financial services, technology).
  • Track record of independent ownership of compliance/security programmes.
  • AI / Security / Privacy certifications are not required, but demonstrable understanding of these areas and their risks is essential.

What Are The Benefits Of Working At Spectrum.Life?

  • Full time permanent contract
  • Competitive salary (Dependent on experience).
  • In-office, remote or hybrid working options
  • 25 days annual leave
  • 24/7 EAP and a wide range of health and wellbeing supports
  • Extensive list of employee perks and benefits https://app.box.com/s/6wwkvowbev6cn7tlvq9yz32amnpmnvcl

September 18, 2025

Spectrum.Life