Senior Security Analyst / Engineer (d/f/m)

We believe that AI has the potential to revolutionize how cancer and other complex diseases are diagnosed and treated. We also believe that AI is a tool, not an identity – without access to high quality data and a scientifically rigorous, transparent approach to model development, AI is just a buzzword. That’s where we come in.

Aignostics is a spin-off from one of Europe's largest and most prestigious university hospitals (Charité), with employees in Berlin and New York. We have received over $20M in funding from leading investors and are a growing team of over 100 interdisciplinary professionals. We work with academic partners as well as leading global life sciences companies.

As a Senior Security Analyst / Engineer at Aignostics, you will drive the development and improvement of our Information Security Management System (ISMS) in compliance with ISO 27001 standards. You will manage compliance documentation, collaborate across departments to ensure accurate evidence for audits, and support internal and external audit processes. Your role includes conducting risk assessments, implementing mitigation strategies, and automating compliance tasks like evidence collection and monitoring. Additionally, you will update security policies to meet regulatory standards and foster a culture of security through employee training and awareness programs.

This is a unique opportunity to join a fun, diverse, and growing team of 100+ data scientists, software developers, biologists, and pathologists to shape the next generation of cancer treatments. You will be part of a driven community that works in an agile, supportive and interdisciplinary research environment where your results make a difference to patients. In our established startup you have the opportunity to grow personally and technically, take responsibility and benefit from a dynamic work environment.

At Aignostics, we believe that fighting cancer is a job for people of all identities, backgrounds, and cultures. We value and celebrate diversity and inclusion and are committed to offering equal employment and promotion opportunities for all applicants and employees. Applicants will be considered regardless of their age, disability, ethnicity, race, gender identity or expression, sexual orientation, religion, etc. We thrive through collaboration and believe the more inclusive we are, the better our work will be.

• ISO 27001 Compliance Management:
  Implement and maintain the ISMS framework aligned with ISO 27001 (ideally version 2022) standards, ensuring all compliance requirements are met effectively.
  
  
• Evidence and Records Management:
  Maintain and manage all compliance documentation, cross-departmental collaboration (with DevOps, HR, Product, Customer Support, Quality Assurance, and Legal for compliance initiatives) to check past and actual records and evidence for internal and external audits, as well as ensuring accuracy and readiness of them for surveillance audits.
  
  
• Audit Support:
  Collaborate with internal teams and external auditors during certification, surveillance, and recertification audits. Prepare and present necessary documentation and evidence to demonstrate compliance.
  
  
• Risk Assessment and Mitigation:
  Conduct regular risk assessments and work with stakeholders to implement appropriate mitigation strategies. Update the risk register and monitor corrective and preventive actions.
  
  
• Automation of Compliance Processes:
  Leverage programming skills or passion to automate repetitive tasks related to evidence collection, risk assessments, logging, and compliance monitoring.
  
  
• Information Security Policies and Procedure Management:
  Develop, review, and update security policies, procedures, and guidelines to ensure they remain relevant and compliant with regulatory requirements and adhere to our Quality Assurance team expectations.
  
  
• Training and Awareness:
  Conduct security awareness and compliance training sessions for employees to promote a culture of security and compliance throughout the organization.
  
  
• Collaboration Across Teams:
  Work closely with DevOps, Quality Assurance, Legal, Product, and other teams to integrate compliance requirements into everyday operations and projects.
  
  
• Continuous Improvement:
  Stay updated with industry trends, standards, and technologies to enhance compliance initiatives and drive continuous improvement in ISMS processes.

• A background in information security or compliance
• A passion for automation (especially ticketing/Jira automation) and documentation.
• Proven experience in managing ISO 27001 ISMS implementation and maintenance, including acting as a Lead Implementer or providing support equivalent to Lead Auditor responsibilities.
• Deep understanding of information security, compliance frameworks, and regulatory requirements.
• Experience with GRC (Governance, Risk, and Compliance) tools and automated compliance solutions.
• Experience with audit preparation and evidence management.
• Familiarity with scripting and automation tools (e.g., Python, PowerShell, or similar) to automate compliance processes.
• Excellent organizational, analytical, and problem-solving skills.
• Good communication skills to effectively collaborate with cross-functional teams.
• Take the lead in ensuring our compliance and security excellence, where your expertise will shape the future of our security operations and ISMS.
• A keen eye for detail and spotting weaknesses in systems.
• Ability to collaborate in multi-disciplinary teams effectively.

Ideally, you also have:

• Office enthusiasm: enjoy being present in our Berlin office – while we support flexible work, this hands-on role thrives on in-person collaboration for managing compliance processes and fostering a security-first culture.
• Cloud security expertise: good understanding of public cloud technologies (e.g., GCP, AWS) with a focus on compliance, security controls, and risk management.
• Certifications: relevant credentials in information security (e.g., ISO 27001 Lead Auditor, CISM, CISSP) and compliance (e.g., GDPR, SOC 2).
• Compliance tools: experience with GRC platforms and automation tools to streamline evidence collection, monitoring, and reporting.
• Audit expertise: strong understanding of internal and external audit processes, including certification, surveillance, and recertification audits.

We are still keen to hear from you if you don't match all the above points! Our needs are diverse and growing, and you are encouraged to apply if you have a strong combination of these skills.

• Join a purpose-driven start up: We are working collectively to fight cancer and improve patient outcomes. Come help us make a difference!
• Cutting-edge AI research and development, with involvement of Charité, TU Berlin and our other partners
• Work with a welcoming, diverse and highly international team of colleagues
• Opportunity to take responsibility and grow your role within the startup
• Expand your skills by benefitting from our Learning & Development yearly budget of 1,000€ (plus 2 L&D days), language classes and internal development programs
• Mentoring program, you’ll learn from great experts
• Flexible working hours and teleworking policy
• Enjoy your well-deserved time off within our 28 paid vacations days per year
• We are family & pet friendly and support flexible parental leave options
• Pick a subsidized membership of your choice among public transport, sports and well-being
• Enjoy our social gatherings, lunches, and off-site events for a fun and inclusive work environment