Job Description

We are looking for a Security Assurance Engineer to join our team, owning the policies, risk programs, and audit processes that keep our products secure and our customers confident. You will work directly with Engineering, Legal, HR, and IT to translate complex regulatory requirements into practical guidance teams can act on.

What You'll Do

Policy & Standards

• Own the security and privacy policy library: drafting, updating, and rationalizing policies across ISO 27001, SOC 2, HIPAA, and GDPR requirements
• Translate regulatory requirements into practical, enforceable controls that engineering and operations teams can actually implement
• Maintain alignment between the ISMS (ISO 27001) and QMS (ISO 13485) documentation to reduce duplication and audit burden

Risk Management

• Conduct and maintain risk assessments across the enterprise, including vendor/third-party risk, product risk, and operational risk
• Own the risk register and work with risk owners to track treatment plans and exceptions
• Perform security assessments for new tools, AI systems, and vendors before adoption

Compliance & Audit

• Coordinate evidence collection and remediation for SOC 2 Type II, ISO 27001, and customer audits
• Respond to customer security questionnaires (MDS2, SIG, CAIQ, custom) efficiently and accurately
• Track regulatory changes (EU AI Act, state privacy laws, FDA guidance) and assess their business impact

Cross-Functional Collaboration

• Partner with Engineering on secure development practices, threat modeling, and SDLC compliance
• Support HR and IT on security awareness, onboarding/offboarding, and acceptable use policies
• Work with Legal on DPAs, contract security terms, and incident notification requirements

Requirements

What You Bring

Must-Haves

• 7–10 years of experience in GRC, security compliance, or related roles
• Direct, hands-on experience with at least three of: ISO 27001, SOC 2, HIPAA, GDPR, FDA QSR/SaMD, or ISO 13485
• Strong policy writing skills — you can turn complex regulatory language into clear, actionable documentation
• Experience managing risk registers and conducting structured risk assessments
• Familiarity with cloud environments (AWS preferred) and SaaS security considerations
• Comfort with CI/CD tooling and collaboration platforms such as Jira and Confluence
• A track record of driving projects to completion independently, without heavy oversight

Nice-to-Haves

• Experience in healthcare, healthtech, or medical device environments
• Familiarity with EU MDR, IEC 62304, or FDA software guidance for SaMD
• Hands-on experience with GRC platforms such as SecureFrame, Vanta, Drata, OneTrust, or ServiceNow GRC
• Understanding of AI/ML governance and emerging regulations like the EU AI Act
• Relevant certifications: CISSP, CISM, CRISC, CIPP, ISO 27001 Lead Implementer/Auditor, or HCISPP

Benefits

• Join a fast-growing healthcare technology company shaping the future of AI in radiology
• Work on meaningful products that improve radiology workflows and support better patient outcomes worldwide
• Be part of a mission-driven team that values trust, quality, collaboration, and innovation
• Enjoy flexible working hours and a hybrid work arrangement
• Competitive compensation and benefits package