Information Security & Compliance Lead (Full Time Remote - Europe)

Ikerian

United Kingdom

Remote

GBP 60,000 - 80,000

Full time

4 days ago

Job summary

A leading medical technology firm is seeking an Information Security & Compliance Lead, responsible for driving ISO 27001 certification and ensuring compliance with GDPR and other regulations. This mid-senior level role offers a competitive salary and benefits, with a remote-first culture allowing flexibility. Candidates should have 5-8 years in information security and relevant education in the field.

Benefits

Competitive salary & bonus
Remote-first culture
Budget for certifications
Opportunity to impact patient outcomes

Qualifications

  • 5-8 years of experience in information security/GRC.
  • Proven track record in ISO 27001 or SOC 2 implementation.
  • Familiarity with GDPR and HIPAA.

Responsibilities

  • Lead ISO 27001 certification and maintain compliance.
  • Serve as Data Protection Officer and oversee audits.
  • Collaborate with DevOps for cloud security.

Skills

ISO 27001 implementation
GDPR compliance
Risk management
Cloud security
Data protection officer duties
Excellent communication

Education

Bachelor's or Master's in Information Security or Computer Science

Tools

AWS
SOC2/HITRUST

Job description

Information Security & Compliance Lead (Full Time Remote - Europe)

About Us

Ikerian AG (formerly RetinAI Medical) is a fast-growing medical device software company headquartered in Bern, Switzerland. Our mission is to enable the right decisions sooner in healthcare, through transformative AI & data management solutions for disease screening and monitoring. Join our diverse team of entrepreneurs, developers, researchers, and commercial experts who are collectively shaping the future of healthcare.

Job Description

Reporting to the CTO, the Information Security & Compliance Lead owns our Information Security Management System (ISMS). You will drive ISO 27001 certification; establish and maintain compliance with the EU AI Act, the Digital Services Act (DE), GDPR, HIPAA, PIPEDA, the Swiss Federal Act on Data Protection and the UK GDPR, together with any other applicable data-protection and cybersecurity requirements; lead risk management and supplier security; and act as the single point of contact for auditors, customers and regulators. This is a hands-on, standalone senior role with dotted-line influence over Engineering, IT Ops, HR and Procurement.

Key Responsibilities

  • Lead ISO 27001 implementation & certification
    • Finalise scope, risk methodology, Statement of Applicability, and control rollout
    • Chair the ISMS Steering Committee and present quarterly KPIs to leadership
    • Pursue SOC 2, HITRUST or a similar attestation alongside ISO 27001
  • Own ongoing security & privacy compliance
    • Maintain compliance with ISO 27001, GDPR (EU), the Swiss Federal Act on Data Protection (CH), HIPAA (US), the IT-security requirements of MDR Annex I and the FDA cybersecurity requirements for medical device software
    • Serve as designated Data Protection Officer (DPO) and Data Security Officer (DSO)
    • Maintain compliance with the EU AI Act, the Digital Services Act (DE), PIPEDA and the UK GDPR
  • Risk management & continuous improvement
    • Keep the Asset/Risk Register current; run annual risk assessment & treatment plans
    • Drive corrective actions from incidents, audits and penetration tests
  • Audit & customer assurance
    • Plan and host internal audits, external surveillance audits and customer assessments
    • Produce security white-papers, Due-Diligence Questionnaires (DDQs) and SOC-type report artefacts
  • Supplier & cloud security governance
    • Own supplier onboarding, security questionnaires, right-to-audit clauses and periodic reviews
  • Security engineering enablement
    • Collaborate with DevOps to harden cloud infrastructure (AWS) and CI/CD pipelines
    • Embed Secure-SDLC practices (threat modelling, SAST/DAST, dependency scanning)
  • Awareness & culture
    • Deliver onboarding training, phishing simulations and role-based security sessions
    • Publish monthly security metrics and incident learnings to the wider team

Requirements

5-8 years in information security / GRC, including end-to-end ISO 27001 or SOC 2 implementation experience in a cloud-native environment.

Proven track record as ISMS owner or Lead Auditor; managing audits and corrective actions.

Familiarity with GDPR, HIPAA and vendor-risk management for SaaS or medical-device software.

Bachelor's or Master's in Information Security, Computer Science, or similar.

ISO 27001 Lead Implementer/Auditor, CISM or CISSP (strong plus).

Excellent written & spoken English; strong stakeholder influence, training ability and concise reporting to exec/board level.

Self-starter comfortable in a high-autonomy startup; able to prioritise and execute with limited resources.

Eligible to work remotely within Europe; able to travel to Switzerland around three times a year.

Benefits

  • Competitive salary & bonus plus participation in our Employee Stock Option Plan
  • Remote-first culture with flexible hours and true work-life balance
  • Budget for certifications, conferences and equipment of your choice
  • Opportunity to build a green-field ISMS that directly impacts patient outcomes
  • Inclusive, collaborative team that values ownership and rapid iteration

Seniority level
  • Mid-Senior level
Employment type
  • Full-time
Job function
  • Information Technology
Industries
  • IT Services and IT Consulting
