Key skills
AWSCloudSDLCServiceNowAIMLSaaSJiraConfluenceCI/CDCollaboration
About this role
Role Overview
- Own the security and privacy policy library: drafting, updating, and rationalizing policies across ISO 27001, SOC 2, HIPAA, and GDPR requirements
- Translate regulatory requirements into practical, enforceable controls that engineering and operations teams can actually implement
- Maintain alignment between the ISMS (ISO 27001) and QMS (ISO 13485) documentation to reduce duplication and audit burden
- Conduct and maintain risk assessments across the enterprise, including vendor/third-party risk, product risk, and operational risk
- Own the risk register and work with risk owners to track treatment plans and exceptions
- Perform security assessments for new tools, AI systems, and vendors before adoption
- Coordinate evidence collection and remediation for SOC 2 Type II, ISO 27001, and customer audits
- Respond to customer security questionnaires (MDS2, SIG, CAIQ, custom) efficiently and accurately
- Track regulatory changes (EU AI Act, state privacy laws, FDA guidance) and assess their business impact
- Partner with Engineering on secure development practices, threat modeling, and SDLC compliance
- Support HR and IT on security awareness, onboarding/offboarding, and acceptable use policies
- Work with Legal on DPAs, contract security terms, and incident notification requirements
Requirements
- 7–10 years of experience in GRC, security compliance, or related roles
- Direct, hands-on experience with at least three of: ISO 27001, SOC 2, HIPAA, GDPR, FDA QSR/SaMD, or ISO 13485
- Strong policy writing skills — you can turn complex regulatory language into clear, actionable documentation
- Experience managing risk registers and conducting structured risk assessments
- Familiarity with cloud environments (AWS preferred) and SaaS security considerations
- Comfort with CI/CD tooling and collaboration platforms such as Jira and Confluence
- A track record of driving projects to completion independently, without heavy oversight
- Experience in healthcare, healthtech, or medical device environments (Nice-to-Have)
- Familiarity with EU MDR, IEC 62304, or FDA software guidance for SaMD (Nice-to-Have)
- Hands-on experience with GRC platforms such as SecureFrame, Vanta, Drata, OneTrust, or ServiceNow GRC (Nice-to-Have)
- Understanding of AI/ML governance and emerging regulations like the EU AI Act (Nice-to-Have)
- Relevant certifications: CISSP, CISM, CRISC, CIPP, ISO 27001 Lead Implementer/Auditor, or HCISPP (Nice-to-Have)
Tech Stack
- AWS
- Cloud
- SDLC
- ServiceNow
Benefits
- Join a fast-growing healthcare technology company shaping the future of AI in radiology
- Work on meaningful products that improve radiology workflows and support better patient outcomes worldwide
- Be part of a mission-driven team that values trust, quality, collaboration, and innovation
- Enjoy flexible working hours and a hybrid work arrangement
- Competitive compensation and benefits package