Information Security & Compliance Lead

Retinai
Summary
Join Ikerian AG, a fast-growing medical device software company, as its Information Security & Compliance Lead, reporting to the CTO. You will own the Information Security Management System (ISMS), drive ISO 27001 certification and ensure compliance with regulations such as GDPR and HIPAA. This hands-on role involves leading risk management and supplier security, and acting as the single point of contact for auditors and regulators. You will also have dotted-line influence over Engineering, IT Ops, HR and Procurement. The position requires a strong background in information security and compliance, including hands-on ISO 27001 implementation experience. Ikerian AG offers a competitive salary and benefits package, a remote-first culture and flexible hours.
Requirements
- 5–8 years in information security / GRC, including end-to-end ISO 27001 or SOC 2 implementation experience in a cloud-native environment
- Proven track record as ISMS owner or Lead Auditor; managing audits and corrective actions
- Familiarity with GDPR, HIPAA and vendor-risk management for SaaS or medical-device software
- Bachelor’s or Master’s in Information Security, Computer Science, or similar
- Excellent written & spoken English; strong stakeholder influence, training ability and concise reporting to exec/board level
- Self-starter comfortable in a high-autonomy startup; able to prioritise and execute with limited resources
- Eligible to work remotely within Europe; able to travel to Switzerland roughly three times a year
Responsibilities
- Lead ISO 27001 implementation & certification
  - Finalise scope, risk methodology, Statement of Applicability and control rollout
  - Chair the ISMS Steering Committee and present quarterly KPIs to leadership
  - Lead SOC 2, HITRUST or similar certification efforts
- Own ongoing security & privacy compliance
  - Maintain compliance with ISO 27001, GDPR (EU/CH), HIPAA (US), the IT-related clauses of MDR Annex I and FDA cybersecurity requirements for medical devices
  - Serve as designated Data Protection Officer (DPO) and Data Security Officer (DSO)
  - Maintain compliance with the EU AI Act, the Digital Services Act (EU/DE), PIPEDA (Canada), the Swiss Federal Act on Data Protection (FADP) and the UK GDPR
- Risk management & continuous improvement
  - Keep the Asset/Risk Register current; run annual risk assessments & treatment plans
  - Drive corrective actions from incidents, audits and penetration tests
- Audit & customer assurance
  - Plan and host internal audits, external surveillance audits and customer assessments
  - Produce security white-papers, Due-Diligence Questionnaires (DDQs) and SOC-type artefacts
- Supplier & cloud security governance
  - Own supplier onboarding, security questionnaires, right-to-audit clauses and periodic reviews
- Security engineering enablement
  - Collaborate with DevOps to harden cloud infrastructure (AWS) and CI/CD pipelines
  - Embed Secure-SDLC practices (threat modelling, SAST/DAST, dependency scanning)
- Awareness & culture
  - Deliver onboarding training, phishing simulations and role-based security sessions
  - Publish monthly security metrics and incident learnings to the wider team
Preferred Qualifications
- ISO 27001 Lead Implementer/Auditor, CISM or CISSP (strong plus)
Benefits
- Competitive salary & bonus plus participation in our Employee Stock Option Plan
- Remote-first culture with flexible hours and true work-life balance
- Budget for certifications, conferences and equipment of your choice
- Opportunity to build a green-field ISMS that directly impacts patient outcomes
- Inclusive, collaborative team that values ownership and rapid iteration