Security Manager – Awareness & Training

Neko Health is a Swedish healthcare technology company co-founded in 2018 by Hjalmar Nilsonne and Daniel Ek. Neko's vision is to shift healthcare from reactive treatment toward preventative health and early detection. This requires completely reimagining the patient's experience and incorporating the latest advances in sensors and AI. Neko Health has developed a new medical scanning technology concept to make it possible to do broad and non-invasive health data collection that is convenient and affordable for the public. The company is based in Stockholm, offering the Neko Body Scan experience at locations in Stockholm, London and Manchester, with over 500 employees.

We are looking for a Security Manager – Awareness & Training to lead our global security education program and strengthen Neko’s security culture. This role focuses on reducing human‑driven risk, designing engaging training, driving behavioural change, and ensuring all employees meet security and compliance obligations.

You will own Neko’s security awareness roadmap, phishing program, onboarding experience, role-based training, and internal communication strategy. You will also support security requirements for ISO 27001, HIPAA, SOC 2, IEC 81001‑5‑1, and security‑related audits.

This is a high‑impact role where you will collaborate closely with Engineering, IT, People/HR, Compliance, Platform, and Leadership teams to embed security into daily operations.

Responsibilities
  • Awareness & Behavioural Security
    • Own and lead the company‑wide Security Awareness & Training Program.
    • Design and deliver engaging learning formats: micro‑training, videos, workshops, newsletters, simulated exercises.
    • Run and continuously improve phishing simulation campaigns, including reporting metrics and follow‑up training.
    • Maintain a quarterly awareness and communication campaign calendar.

  • Training & Competence
    • Ensure employees meet all required annual and role‑based security training, including:
      • onboarding training
      • secure coding and developer education
      • incident response roles
      • clinical and operational security basics
    • Maintain training records and prepare audit‑ready evidence.
    • Define and track security culture KPIs: competence scores, reporting rates, behavioural improvement indicators.

  • Cross‑Functional Enablement
    • Collaborate with Engineering & Platform teams to deliver secure coding and best‑practice training.
    • Partner with People/HR to embed security into onboarding, offboarding, and role changes.
    • Support internal communication of security requirements, policy changes, and emerging threats.
    • Prepare and maintain awareness-related artifacts for audits and compliance reviews.

Requirements
  • 5+ years in security awareness, information security, training, behavioural security, or a related role. 
  • Strong understanding of human risk, phishing, social engineering, and behavioural change principles. 
  • Experience designing or managing security awareness programs. 
  • Familiarity with secure coding or technical security topics (AppSec, cloud security fundamentals). 
  • Excellent communication skills; ability to translate complex topics into simple, engaging content. 
  • Experience with LMS platforms or enterprise learning tools. 
  • Experience in regulated industries (health‑tech, medical device, healthcare, fintech). 
  • Background in psychology, behavioural science, or learning & development is a plus. 

About the Engineering Team

    Distributed and Remote First
    We are nearly 100 full-time engineers at the company, working from Berlin, Chamonix, Hamburg, Lisbon, Marseille, Vilnius, and Stockholm, spanning diverse disciplines such as Hardware Engineering, Firmware Development, Electrical Design, Algorithm Development, Machine Learning Development, Optronics Research, Frontend Development and more. We don't expect people to join us with specific tech knowledge, but we do expect you to work with our tools. We use a mix of React, TypeScript, C++, and Python. Our APIs are written in C# with ASP.NET Core and use Azure Cosmos DB, with Azure Active Directory for authentication.

    Our headquarters and our hardware development team are in Stockholm, Sweden.

    We are a Remote First company; however, it is of course much easier to work remotely as a software engineer than a hardware or firmware engineer (since they require access to hardware or devices occasionally). Software engineers based in Stockholm work maybe one day a week or one day every two weeks from the office.

    We meet a couple of times per year to get to know each other and have fun.

    Organization and Way of Working
    The engineering team is divided into smaller cross functional project teams that each focus on a specific goal or target, where some groups are long-lived, and some are short-lived, depending on how big the goal or deliverable is. We strive to create groups which are cross-functional and able to complete their goals without dependence on other teams, even though this is of course not always possible.

    Groups track goals on a yearly and quarterly basis with goal follow-up across the entire engineering organization on a bi-weekly basis. Most groups do internal planning on a bi-weekly basis, but in the end it's up to the group to decide how they want to work.

    We have, however, mandated that all groups must present their progress or failures or hacks at our bi-weekly engineering demo, a fun meeting/presentation where we talk about everything from short-circuiting power-modules, how hard it is to calibrate cameras or align polygons in space, to neat new command line tools for operations, a new auth mechanism in the backend, a cool new way to visualize health data or a new feature which helps our doctors be more productive.

    We have a flexible workplace that focuses on work/life balance, and we strongly believe in our mission but do not think that achieving it requires sacrificing everything else.