Information Security & Compliance Lead (Full Time Remote - Europe)
About Us
Ikerian AG (formerly RetinAI Medical) is a fast-growing medical device software company headquartered in Bern, Switzerland. Our mission is to enable better healthcare decisions through transformative AI and data management solutions for disease screening and monitoring. Join our diverse team of entrepreneurs, developers, researchers, and commercial experts shaping the future of healthcare.
Job Description
Reporting to the CTO, the Information Security & Compliance Lead owns our Information Security Management System (ISMS). You will drive ISO 27001 certification and ensure compliance with the EU AI Act, the Digital Services Act, GDPR, HIPAA, PIPEDA, Swiss data protection laws, UK IT Governance Act (UKGDPR), and other data protection and cybersecurity regulations. You will lead risk management, oversee supplier security, and act as the primary contact for auditors, customers, and regulators. This is a hands-on, senior standalone role with influence over the Engineering, IT Ops, HR, and Procurement teams.
Key Responsibilities
Lead ISO 27001 implementation and certification, including scope finalization, risk methodology, Statement of Applicability, and control deployment. Chair the ISMS Steering Committee and present quarterly KPIs. Achieve SOC2/HITRUST or similar certification.
Maintain ongoing security and privacy compliance with ISO 27001, GDPR (EU/CH), HIPAA (US), MDR Annex I, FDA IT & Cybersecurity clauses. Serve as Data Protection Officer (DPO) and Data Security Officer (DSO).
Manage risk assessments, asset registers, and drive corrective actions from incidents, audits, and penetration tests.
Plan and host internal and external audits, produce security documentation, Due-Diligence Questionnaires (DDQs), and SOC-type reports.
Oversee supplier onboarding, security questionnaires, right-to-audit clauses, and periodic reviews.
Collaborate with DevOps to secure cloud infrastructure (AWS) and CI/CD pipelines, embed Secure SDLC practices such as threat modeling, SAST/DAST, and dependency scanning.
Deliver security awareness training, phishing simulations, and security sessions. Share monthly security metrics and incident learnings with the team.
Requirements
5-8 years in information security/GRC, with hands-on experience in ISO 27001 or SOC 2 implementation in a cloud-native environment.
Proven experience as ISMS owner or Lead Auditor, managing audits and corrective actions.
Familiarity with GDPR, HIPAA, and vendor risk management for SaaS or medical device software.
Bachelor's or Master's degree in Information Security, Computer Science, or related field.
ISO 27001 Lead Implementer/Auditor, CISM, or CISSP certification (preferred).
Excellent English communication skills, stakeholder influence, training ability, and concise reporting to leadership.
Self-motivated, autonomous, capable of prioritizing and executing with limited resources.
Eligible to work remotely within Europe; willing to travel to Switzerland approximately three times per year.
Benefits
Competitive salary, bonus, and participation in our Employee Stock Option Plan.
Remote-first culture with flexible hours, promoting work-life balance.
Budget for certifications, conferences, and equipment.
Opportunity to build a green-field ISMS impacting patient outcomes.
Inclusive, collaborative team valuing ownership and rapid iteration.