Security Compliance Officer

Bengaluru

Applications have closed

Biofourmis

Biofourmis partners with healthcare organizations and life science companies to provide solutions that help expand the delivery of care to everyone, everywhere.


Biofourmis is a rapidly growing, global digital health company filled with committed, passionate professionals who care about augmenting personalized care and empowering people with complex chronic conditions to live better and healthier lives. We are pioneering an entirely new category of medicine by developing clinically validated, software-based therapeutics to provide improved outcomes for patients, smarter engagement & tracking tools for clinicians, and cost-effective solutions for payers. We are collectively devoted to a single-minded idea: powering personally predictive care.

Our dynamic growth has been marked by doubled headcount in the last 12 months via both expansion & acquisition, yielding a global footprint with offices in Boston, Singapore, Bangalore, and Zurich. We are backed by prominent international venture capital investment & have cultivated relationships with worldwide healthcare stakeholders over the last 5 years. Our talented team features numerous PhDs in Data Science and Biostatistics, over 80 patents, prolific scientific publications, world-class systems, developers & engineers, and leaders in the clinical operations space.

Roles & Responsibilities

  • Support security compliance audits like SOC 2, ISO 27001 and HITRUST.
  • Conduct readiness assessments, stakeholder coordination, documentation and control implementation for the external audits on a regular basis.
  • Perform security and technology risk assessments, and provide recommendations on risk mitigation/remediation strategies under guidance.
  • Work with the business & other stakeholders in creating and rolling out security policies, processes and controls to manage technology risk and ensure effective risk governance.
  • Perform routine internal audits and follow up on action items for effective compliance management.
  • Regularly review, update and align the current security policies with the control infrastructure.
  • Support, participate in and monitor BCP/DR plans and drills under guidance.
  • Work with the team or independently to manage security projects and tools.
  • Assist in mapping various compliance frameworks, certifications, etc.
  • Support vendor security assessments (e.g. initial kick-off, follow-up, remediation plans and follow-ups) under guidance.

Requirements

  • 7 years of relevant experience or a previous role in security technology with a few years in risk, compliance and audit activities.
  • Excellent implementation knowledge of various security audits like SOC 2 and ISO 27001, their expectations and requirements.
  • Experienced in working with external auditors, as an auditor and auditee.
  • Good conceptual and analytical skills on implementing security controls to protect organizational assets.
  • Capable of participating in multiple projects simultaneously in an evolving and fast-growing organizational culture.
  • Excellent interpersonal skills, good at coordination and a team player.
  • Any of these certifications – CISA, CRISC, etc.

Preferred Qualifications/Skills

  • Past experience with the healthcare industry is a plus.
  • Experience with compliance related to medical devices, IoT devices, etc. to support regulatory requirements (FDA, etc.) and third-party security audits like SOC 2, ISO 27001, MDSAP, ISO 13485, etc. is a plus.
  • Good to have knowledge of cloud security.

Tags: Audits CISA Cloud Compliance CRISC Governance HITRUST ISO 27001 PhD Risk assessment Security assessment SOC SOC 2

Region: Asia/Pacific
Country: India
Category: Compliance Jobs
