Security Engineer - Governance, Risk and Compliance(GRC), London London Senior Security Engineer - Governance, Riskand Compliance (GRC) -London Isomorphic Labs is a new Alphabetcompany that is reimagining drug discovery through a computational-and AI-first approach. We are on a mission to accelerate the speed,increase the efficacy and lower the cost of drug discovery. You'llbe working at the cutting edge of the new era of 'digital biology'to deliver a transformative social impact for the benefit ofmillions of people. Come and be part of a multi-disciplinary teamdriving groundbreaking innovation and play a meaningful role incontributing towards us achieving our ambitious goals, while beinga part of an inspiring, collaborative and entrepreneurial culture.Your impact As a Senior Security Engineer - GRC, you will play acrucial role in establishing and maintaining a robust securitygovernance framework at Isomorphic Labs. Your work will beinstrumental in ensuring the organisation's compliance withindustry standards and regulations, enabling research programs andbuilding trust with key partners. You will contribute to fosteringa culture of security awareness and operational excellence,directly impacting the company's ability to achieve its ambitiousgoals. What you will do - Spearhead the development of IsoLabs'Information Security Management System (ISMS) and guide theorganisation through ISO 27001 certifications. - Implement andcontinuously improve security policies and controls, ensuringalignment with industry best practices and operational excellence.- Monitor and maintain compliance with regulations, third-partyrequirements, and internal security policies, identifying andproactively addressing potential gaps. - Partner with TechOps, DataEngineering, Legal and Product teams to implement robust datagovernance solutions, encompassing data labelling, access control,audit trails, de-identification, and data lifecycle management. -Lead Infosec projects in collaboration with Machine Learning andDrug Discovery teams. - Develop and execute internal auditprograms, and effectively respond to external audits and duediligence requests. - Actively contribute to IsoLabs’ securityawareness program, fostering a strong security culture throughoutthe organisation. - Manage Vendor Security Assessment operationsand drive continuous improvement of these processes. - Support theimplementation and enhancement of Incident Management andVulnerability Management policies. - Partner with Legal and Privacyteams to ensure security practices align with legal and regulatoryrequirements, particularly concerning data privacy and protection.- Establish and report on Key Performance Indicators (KPIs) todemonstrate the effectiveness of security operations on businessoutcomes. Skills and qualifications - Strong IT and cybersecuritytechnical background, including experiences with major cloudplatforms. - Demonstrated experience developing and implementingsecurity policies, standards, and procedures. - Solid understandingof risk management frameworks, and industry-specific compliancerequirements (e.g., ISO/IEC 27001, GDPR, HITRUST). - Excellentcommunication and interpersonal skills, with the ability to explaincomplex security concepts to diverse audiences. - Practicalexperience with data governance and privacy controls, includingdata classification, audit trail, de-identification and datalifecycle management. - Strong analytical and problem-solvingskills, with the ability to differentiate true risks fromover-compliance, develop creative solutions to balance businessneeds with risk mitigation. - Extensive experience with externalaudits and leading certification processes. - Proven ability to actas a project manager and collaborate effectively withcross-functional teams. - Demonstrated ability to effectivelymanage and prioritise multiple projects simultaneously, meetingdeadlines and delivering results. Nice to have: - Experiencebuilding and operating a Trusted Research Environment and/orTrusted ML Environments. - Experience in the BioTech and Pharmaindustry. - Experience streamlining Vendor Security Assessments(VSAs). - Familiarity with the unique challenges of a fast-paced,high-growth environment. - Solid understanding of security in acomputational- and AI-first environment. - Experience protectingsensitive scientific and personal data. - Experience with securityautomation tools and technologies. - Contribution to open-sourcesecurity projects or participation in security communities. Cultureand values What does it take to be successful at IsoLabs? It's notabout finding people who think and act in the same way, but we dohave some shared values: Thoughtful: Thoughtful at Iso is aboutcuriosity, creativity and care. It is about good people doing good,rigorous and future-making science every single day. Brave: Braveat Iso is about fearlessness, but it’s also about initiative andintegrity. The scale of the challenge demands nothing less.Determined: Determined at Iso is the way we pursue our goal. It’s aconfidence in our hypothesis, as well as the urgency and agilityneeded to deliver on it. Because disease won’t wait, so neithershould we. Together: Together at Iso is about connection,collaboration across fields and catalytic relationships. It’sknowing that transformation is a group project, and rememberingthat what we’re doing will have a real impact on real peopleeverywhere. Creating an inclusive company We realise that to besuccessful we need our teams to reflect and represent thepopulations we are striving to serve. We’re working to build asupportive and inclusive environment where collaboration isencouraged and learning is shared. We value diversity ofexperience, knowledge, backgrounds and perspectives and harnessthese qualities to create extraordinary impact. We are committed toequal employment opportunities regardless of sex, race, religion orbelief, ethnic or national origin, disability, age, citizenship,marital, domestic or civil partnership status, sexual orientation,gender identity, pregnancy or related condition (includingbreastfeeding) or any other basis protected by applicable law. It’shugely important for us to be able to share knowledge and establishrelationships with each other, and we find it easier to do this ifwe spend time together in person. This is why we’ve decided tofollow a hybrid model, and for full time positions we would requireyou to be able to come into the office 3 days a week (currentlyTue, Wed, and one other day depending on which team you’re in). Forpart time positions this may vary. Please note that when you submitan application, your data will be processed in line with ourprivacy policy. #J-18808-Ljbffr
