Senior Security Specialist - Risk & Compliance

Isomorphic Labs (IsoLabs) was launched in 2021 to advance human health by building on and beyond the Nobel-winning AlphaFold system. Since then, our interdisciplinary team of drug discovery experts and machine learning specialists has built powerful new predictive and generative AI models that accelerate scientific discovery at digital speed.

Our name comes from the belief that there is an underlying symmetry between biology and information science. By harnessing AI’s powerful capabilities, we can use it to model complex biological phenomena to help design novel molecules, anticipate how drugs will perform and develop innovative medicines to treat and cure some of the world’s most devastating diseases.

We have built a world-leading drug design engine comprising AI models that are capable of working across multiple therapeutic areas and drug modalities. We are continually innovating on model architecture and developing cutting-edge capabilities to advance rational drug design.

Every day, and with each new breakthrough, we’re getting closer to the promise of digital biology, and achieving our ambitious mission to one day solve all disease with the help of AI.

As a Senior InfoSec Specialist, you will be a cornerstone of our Governance Risk and Compliance (GRC) function, with a primary focus on securing our supply chain and third-party ecosystem. Reporting to the InfoSec Risk and Governance Lead, you will ensure that our innovative partnerships - from SaaS providers to Clinical Research Organisations (CROs) - meet our security standards. You will also play a key role in enhancing our ISMS and supporting secure business operations, including our drug discovery and clinical activities. Your work directly protects our organisation and ensures the right balance between business objectives and security is sustained.

• →Coordinate the third party security risk management lifecycle: execute the end-to-end third-party risk process, including initial intake, technical due diligence, risk-based tiering, ongoing monitoring, secure offboarding, and liaising with Legal and Finance teams.
• →Perform detailed vendor assurance activities commensurate with their risk profile, ensuring alignment with legal, regulatory, contractual and policy requirements.
• →Continuously develop and refine assessment methodologies to evaluate and audit vendors.
• →Promote operational efficiency by building and maintaining third party security risk management dashboards and automating evidence collection to provide real-time visibility into the vendor risk landscape.
• →Provide expert guidance to medicinal and ML research colleagues on complex risk topics, translating technical issues into clear business impact statements
• →Support the InfoSec Risk and Governance Lead in improving and maintaining the Isomorphic Labs ISMS and other regulated and contractual data assurance requirements, including internal audit execution and control testing.
• →Develop a unified GRC framework able to provide internal and external assurance for all relevant legal, regulatory, contractual and policy requirements.
• →Coordinate, author and maintain security policies and processes, ensuring they reflect reality as well as meeting our legal, regulatory, and contractual requirements.
• →Support the development of secure, lean pharma and clinical operations with an AI-first approach.

• Capacity to prioritise critical inquiry over rote compliance - you must be able to critically think through risks and issues and provide timely, accurate and enabling advice suitable to the business.
• Ability to excel as an individual contributor with the agility and adaptability to quickly pivot between strategic to operational levels, and between widely differing contexts.
• Strong understanding of risk management with a proven ability to manage the full risk management lifecycle, from technical risk identification and analysis to presenting clear, business-focused mitigation options.
• Robust knowledge of information technology and cybersecurity, including cloud and ML-based environments.
• Experience leading internal and external assurance activities.
• Knowledge of relevant security and compliance standards (e.g. ISO 27001, NIST).
• Experience managing the security threats posed by a complex third-party ecosystem, including cloud providers.
• Demonstrated experience in life sciences, technology, or AI industries.
• Open-minded and innovative approach in meeting regulatory requirements, balancing compliance with the efficiency demands of ML-driven drug discovery.
• A natural ability to build credibility and influence decision-making across scientific, engineering, corporate and leadership functions to drive the security agenda forward.

• A deep experience of the Pharma Industry and Drug Development process and ecosystem is a plus
• Experience in threat modelling.
• Interest in / experience of GRC engineering.
• Interest in / experience of Cyber Risk Quantification.
• Familiarity with AI-specific threats and security controls, such as those addressing model inversion, data poisoning, or adversarial attacks.
• Relevant certifications (e.g. CISA, CISSP).
• Experience automating evidence collection and control monitoring.
• Contribution to open-source security projects or participation in security communities.

>> Click to view other open roles at Isomorphic Labs