Security Assurance Engineer

About The Position

Requirements

• 7–10 years of experience in GRC, security compliance, or related roles
• Direct, hands-on experience with at least three of: ISO 27001, SOC 2, HIPAA, GDPR, FDA QSR/SaMD, or ISO 13485
• Strong policy writing skills — you can turn complex regulatory language into clear, actionable documentation
• Experience managing risk registers and conducting structured risk assessments
• Familiarity with cloud environments (AWS preferred) and SaaS security considerations
• Comfort with CI/CD tooling and collaboration platforms such as Jira and Confluence
• A track record of driving projects to completion independently, without heavy oversight

Nice To Haves

• Experience in healthcare, healthtech, or medical device environments
• Familiarity with EU MDR, IEC 62304, or FDA software guidance for SaMD
• Hands-on experience with GRC platforms such as SecureFrame, Vanta, Drata, OneTrust, or ServiceNow GRC
• Understanding of AI/ML governance and emerging regulations like the EU AI Act
• Relevant certifications: CISSP, CISM, CRISC, CIPP, ISO 27001 Lead Implementer/Auditor, or HCISPP

Responsibilities

• Own the security and privacy policy library: drafting, updating, and rationalizing policies across ISO 27001, SOC 2, HIPAA, and GDPR requirements
• Translate regulatory requirements into practical, enforceable controls that engineering and operations teams can actually implement
• Maintain alignment between the ISMS (ISO 27001) and QMS (ISO 13485) documentation to reduce duplication and audit burden
• Conduct and maintain risk assessments across the enterprise, including vendor/third-party risk, product risk, and operational risk
• Own the risk register and work with risk owners to track treatment plans and exceptions
• Perform security assessments for new tools, AI systems, and vendors before adoption
• Coordinate evidence collection and remediation for SOC 2 Type II, ISO 27001, and customer audits
• Respond to customer security questionnaires (MDS2, SIG, CAIQ, custom) efficiently and accurately
• Track regulatory changes (EU AI Act, state privacy laws, FDA guidance) and assess their business impact
• Partner with Engineering on secure development practices, threat modeling, and SDLC compliance
• Support HR and IT on security awareness, onboarding/offboarding, and acceptable use policies
• Work with Legal on DPAs, contract security terms, and incident notification requirements

Benefits

• Join a fast-growing healthcare technology company shaping the future of AI in radiology
• Work on meaningful products that improve radiology workflows and support better patient outcomes worldwide
• Be part of a mission-driven team that values trust, quality, collaboration, and innovation
• Enjoy flexible working hours and a hybrid work arrangement
• Competitive compensation and benefits package