Head of Information Security, London or Lausanne
$ads={1}
Isomorphic Labs is a new Alphabet company that is reimagining drug discovery through a computational- and AI-first approach.We are on a mission to accelerate the speed, increase the efficacy and lower the cost of drug discovery. You'll be working at the cutting edge of the new era of 'digital biology' to deliver a transformative social impact for the benefit of millions of people.
Come and be part of a multi-disciplinary team driving groundbreaking innovation and play a meaningful role in contributing towards us achieving our ambitious goals, while being a part of an inspiring, collaborative and entrepreneurial culture.
Your impact
Reporting to the CTO, you will be responsible for the overall information security strategy for the organisation. This includes creating and managing our ISMS, developing and implementing security policies and procedures, managing security risks and incidents, and ensuring that the organisation's information assets are protected from unauthorised access, use, disclosure, disruption, modification, or destruction.
Cyberattacks against AI/ML systems can compromise AI/ML specific assets, such as training data (e.g. data poisoning) or trained models (e.g. adversarial attacks, model stealing), or exploit vulnerabilities in the AI/ML system’s underlying technical infrastructure. To ensure a level of security appropriate to the risks, we are taking a comprehensive approach to assess and address any potential vulnerabilities that may arise.
You will be an individual contributor initially, but there may be an opportunity to build a team over time as the company grows.
What you will do
- Collaborate with the CTO and company leadership to develop and implement a comprehensive information security and data governance strategy.
- Create, implement and manage a practical Information Security Management System (ISMS), risk-control framework, and resulting security policies and procedures that align with the organisation's business goals and objectives.
- Manage security risks by identifying, assessing, and mitigating threats and vulnerabilities..
- Ensure that the organisation's information assets are protected from unauthorised access, use, disclosure, disruption, modification, or destruction.
- Develop and maintain Business Continuity and Disaster Recovery processes.
- Develop and implement Data Governance processes.
- Operate an industry-leading Incident Response operation.
- Conduct security audits and reviews to identify and fix security vulnerabilities.
- Develop and maintain an inclusive security awareness program to educate employees about security risks and best practices.
- Work cross functionally with Alphabet and Isomorphic Labs teams to ensure that security is integrated into all aspects of the organisation's operations.
- Champion establishing and maintaining secure engineering practices.
- Work with external auditors to assess and certify compliance to necessary InfoSec standards.
- Work with external vendors to ensure adequate InfoSec tooling and incident response support.
- Provide regular updates and advice to the leadership team on the organisation's security posture and make recommendations for improvement.
Skills and qualifications
Essential:
- At least one of CCISO, CISSP, CISM, CRISC and/or Master's degree in information security or equivalent
- Experience in leading an organisation through the process of achieving and renewing ISO27001 certification
- Relevant experience and knowledge of security operations such as threat and vulnerability assessments, security incident management, identity and access management (IDAM), disaster recovery, and the core pillars of ISO27001
- Experience with security risk management, security compliance, and security auditing
- Familiarity with secure development and operation of ML-based systems.
- Good communication and presentation skills
- Ability to work independently and as part of a team
- Ability to thrive in a constantly evolving and ambiguous environment
Nice to have:
- ISO27001 Lead Auditor or Lead Implementer qualified
- Knowledge of cloud platforms, and machine learning model development and operation
- Strong technical skills in security architecture, security engineering, penetration testing, etc.
- Experience building and leading a diverse and inclusive InfoSec team
- Experience developing data governance and data protection processes
- Experience operating in a healthcare, medical research, biotechnology, or drug discovery environment, including handling of sensitive data and regulatory compliance.
Culture and values
What does it take to be successful at IsoLabs? It's not about finding people who think and act in the same way, but we do have some shared values:
Thoughtful
Thoughtful at Iso is about curiosity, creativity and care. It is about good people doing good, rigorous and future-making science every single day.
Brave
Brave at Iso is about fearlessness, but it’s also about initiative and integrity. The scale of the challenge demands nothing less.
Determined
Determined at Iso is the way we pursue our goal. It’s a confidence in our hypothesis, as well as the urgency and agility needed to deliver on it. Because disease won’t wait, so neither should we.
In this together
Together at Iso is about connection, collaboration across fields and catalytic relationships. It’s knowing that transformation is a group project, and remembering that what we’re doing will have a real impact on real people everywhere.
Creating an inclusive company
We realise that to be successful we need our teams to reflect and represent the populations we are striving to serve. We’re working to build a supportive and inclusive environment where collaboration is encouraged and learning is shared. We value diversity of experience, knowledge, backgrounds and perspectives and harness these qualities to create extraordinary impact.
We are committed to equal employment opportunities regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy or related condition (including breastfeeding) or any other basis protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.
Hybrid working
It’s hugely important for us to be able to share knowledge and establish relationships with each other, and we find it easier to do this if we spend time together in person. This is why we’ve decided to follow a hybrid model, and would require you to be able to come into the office 3 days a week (currently Tue, Wed, and one other day depending on which team you’re in). As an equal opportunities employer we are committed to building an equal and inclusive team. If you have additional needs that would prevent you from following this hybrid approach, we’d be happy to talk through these if you’re selected for an initial screening call.
Please note that when you submit an application, your data will be processed in line with our privacy policy.
>> Click to view other open roles at Isomorphic Labs
