Information Security Risk and Governance Lead

Information Security Risk and Governance Lead

Location: London or Lausanne

Type: Full-time | Hybrid (3 days/week onsite)

Company Overview

Join a pioneering AI-first biotech company that’s redefining how we discover and develop medicines. This organisation leverages cutting-edge machine learning to unlock new possibilities in drug discovery, aiming to solve some of humanity’s most devastating diseases. With deep roots in scientific innovation and an ambitious vision, they are building a world-class team at the intersection of biology, AI, and engineering.

Role Overview

This role offers a unique opportunity to architect and operationalise a best-in-class information security governance framework. Reporting directly to the Chief Information Security Officer (CISO), you will lead strategic efforts to embed security, trust, and regulatory readiness into a platform that supports world-leading biomedical research and drug design.

You will play a pivotal role in aligning data governance, security operations, and compliance within an environment that spans regulated biopharma workflows, cloud-native infrastructure, and AI/ML experimentation at scale.

Key Responsibilities

• Design and implement a unified compliance framework across AI, cyber, and life sciences regulatory domains.
• Own and drive the strategic programme for ISO 27001 certification and ongoing ISMS operations.
• Develop and maintain security policies and procedures, tailored for an AI-first, GxP-regulated organisation.
• Lead information security risk assessments, translating technical threats into business-relevant decisions.
• Collaborate cross-functionally with ML, engineering, legal, and scientific teams on secure data governance initiatives.
• Oversee internal and external audit readiness, including partner due diligence and regulatory inspection preparation.
• Champion third-party risk management across AI, cloud, and research vendor ecosystems.
• Establish KPIs and dashboards to communicate the effectiveness of the security and risk programme.
• Drive security culture initiatives through awareness campaigns, training, and governance forums.

Required Experience & Skills

• Experience as a hands-on individual contributor who can pivot to strategy and delivery.
• In-depth knowledge of InfoSec and regulatory standards including ISO 27001, NIST, GDPR, HIPAA, GxP, and the EU AI Act.
• Demonstrated experience leading compliance certification programmes and external audits.
• Strong understanding of cybersecurity and IT infrastructure within ML/cloud environments.
• Proven track record managing risk end-to-end — from identification to mitigation and communication.
• Practical experience with privacy and data lifecycle controls, including audit trails, de-identification, and retention.
• Industry experience in either the AI or life sciences sector, with awareness of domain-specific risk landscapes.
• Strong stakeholder management skills with an ability to influence across technical and scientific domains.

Nice to Have

• Familiarity with AI-specific threats (e.g., model inversion, adversarial attacks) and appropriate mitigations.
• Experience developing Trusted Research or Trusted ML Environments.
• Certifications such as CISSP, CISM, CISA, CIPP/E, ISO 27001 Lead Implementer, or equivalents.
• Experience with modern GRC platforms (e.g., Vanta, Drata) or automation via Python/scripting.
• Involvement in open-source security communities or contributions to public frameworks.

Working Model & Culture

Hybrid working (3 days onsite – typically Tuesday, Wednesday + 1 flexible day)

Fast-paced, cross-functional environment with a focus on high-integrity science and rapid delivery.

Culture built on intellectual humility, ambition, and collaboration across disciplines.

Commitment to diversity, equity, and belonging in every aspect of work and culture.