
GRC Analyst
Sword Health
full-time
Location Type: Remote
Location: Portugal
Salary
💰 €35,000 - €70,000 per year
About the role
- Acting as the primary subject matter expert for all security and compliance inquiries, including security questionnaires, RFPs, and M&A due diligence; building and maintaining a robust knowledge base to ensure accurate and efficient responses to partners and clients.
- Taking end-to-end ownership of certification lifecycles, such as ISO 27001 and Cyber Essentials; ensuring year-round audit readiness, managing the certification process from start to finish, and independently leading external audits.
- Working closely with the GRC team to improve existing programs, ensuring that our mapping of controls to processes and documentation remains robust and scalable as we grow.
- Partnering with the Quality Assurance & Regulatory Affairs (QARA) team to bridge the gap between security-focused frameworks and Medical Device Compliance initiatives, ensuring a unified approach to the AI Act and other healthcare-specific regulations.
- Collaborating with product teams on existing and upcoming initiatives to ensure security-by-design; quickly learning new product architectures and partnering with stakeholders to ensure all necessary compliance and security controls are integrated smoothly into the development lifecycle.
- Collaborating with Security, Product, Engineering, and IT teams to ensure that security controls are naturally integrated into their existing workflows without creating operational friction.
- Providing subject matter expertise and support for security and compliance training, as well as other general GRC initiatives as they arise.
Requirements
- 5+ years of hands-on experience in GRC, with a proven track record of leading audits and maintaining certifications for internationally recognized security standards.
- Hands-on experience with at least three of the following frameworks: ISO 27001, SOC 2, HITRUST, NIS2, Cyber Resilience Act, FedRAMP, CMMC, NIST SP 800-171, NIST SP 800-53, GDPR, HIPAA or PCI DSS.
- Exceptional command of the English language, both written and spoken. You must be able to communicate complex security concepts clearly and authoritatively to both technical teams and external stakeholders.
- A strong understanding of how security controls apply to Infrastructure and Product environments to effectively map requirements to technical work instructions.
- A "wildcard" mindset—the ability to be dropped into a new project or product initiative, learn the context quickly, and define the necessary compliance path forward.
- Familiarity with the intersection of cybersecurity (ISO, NIS2) and privacy/regulatory frameworks (GDPR, AI Act, or Medical Device regulations).
- Familiarity with Medical Device certifications and regulations, such as ISO 13485 and FDA’s Good Manufacturing Practices (GMP).
- Experience working across diverse teams such as Legal, Quality, and IT to align on shared compliance goals.
Benefits
- Health, dental and vision insurance
- Meal allowance
- Equity shares
- Remote work allowance
- Flexible working hours
- Work from home
- Discretionary vacation
- Snacks and beverages
- English class
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
GRC, ISO 27001, SOC 2, HITRUST, NIS2, Cyber Resilience Act, FedRAMP, CMMC, NIST SP 800-171, NIST SP 800-53
Soft skills
communication, collaboration, problem-solving, adaptability, leadership, training, subject matter expertise, organizational skills, critical thinking, stakeholder engagement
Certifications
ISO 13485, Cyber Essentials, FDA Good Manufacturing Practices