Infosec Risk and Governance Lead

**InfoSec Risk and Governance Lead, Lausanne**

We are here to advance human health, by reimagining drug discovery with the power and pace of artificial intelligence.

The future is coming. A future enabled and enriched by the incredible power of machine learning. A future in which diseases are curtailed or cured by better and faster drug discovery.

Our values exist in service of that future. We think they’ll help us bring it closer, too.

Come and be part of an interdisciplinary team driving groundbreaking innovation and play a meaningful role in contributing towards us achieving our ambitious goals, while being a part of an inspiring and collaborative culture.

The world we want tomorrow is the one we’re building today. It starts with the culture at this company. It starts with you.

**About Iso**:
Isomorphic Labs (IsoLabs) was founded in 2021 and is led by Sir Demis Hassabis. Our aim is to usher in a new era of biomedical breakthroughs and find cures for some of humanity’s devastating diseases.

Our foundations are built on the success of Google DeepMind’s AlphaFold, but we didn’t stop there We are continuing to develop and implement state-of-the-art technologies as we move towards our goal of dramatically accelerating and improving the process of designing and bringing new medicines to patients.

We have built a world-leading drug design engine comprising foundational AI models that are capable of working across multiple therapeutic areas and drug modalities. The company is continually innovating on model architecture and developing cutting-edge capabilities to advance rational drug design.

**Your impact**:
As the Information Security Risk and Governance Lead, you will architect and evolve our security governance framework underpinning our scientific breakthroughs. Directly reporting to the CISO, your work will be critical in aligning our data management and security strategy with a complex regulatory landscape; enabling cutting-edge research programmes and reinforcing trust with partners. Your role will be instrumental in fostering a culture of security accountability and risk-informed decision-making, and ultimately in enabling Isomorphic Labs’ mission to solve all disease.

**What you will do**:

- Architect and operationalise a unified compliance framework spanning Drug Discovery and Development, AI, and Cyber regulatory landscapes.
- Own the strategic programme to achieve and maintain ISO 27001 certification for our Information Security Management System (ISMS).
- Author and maintain our security policies and processes, ensuring they are practical and effectively applied within our GxP-regulated and AI-first environment.
- Lead information security-related risk management and deliver actionable reports to key stakeholders, translating technical risks into business impact.
- Combine robust technical knowledge and business operations expertise to craft tailored risk mitigation strategies.
- Partner with Tech, ML, Legal, and Medical Research Teams to implement a comprehensive data governance framework, encompassing labelling, audit trails, and data lifecycle.
- Oversee internal and external audit programs and drive continuous readiness for regulatory inspections and partner due diligence.
- Lead engaging awareness and training programmes that foster a strong security culture throughout the organisation.
- Own Third Party Risk Management, including building an innovative approach to assess and manage risks from our critical AI, cloud, and research partners.
- Establish and report on Key Performance Indicators (KPIs) to demonstrate the effectiveness of security operations on business outcomes.

**Skills and qualifications**:
**Essential**:

- Ability to excel as an individual contributor initially, with the agility to pivot from strategic risk planning to direct, collaborative implementation assistance.
- Knowledge of security and compliance standards across InfoSec (e.g. ISO 27001, NIST, HITRUST), life sciences (e.g. GxP, 21 CFR), emerging AI regulation (e.g. EU AI Act), and privacy domains (GDPR, HIPAA).
- Demonstrated experience leading multifaceted certification programs and responding to external audits.
- Robust knowledge of information technology and cybersecurity, including cloud and ML-based environments.
- Proven ability to manage the full risk management lifecycle, from technical risk identification and analysis to presenting clear, business-focused mitigation options.
- Experience managing the security threats posed by a complex third-party ecosystem, including cloud providers, AI vendors, and clinical research organisation partners (CROs).
- Practical experience with data governance and privacy controls, including data classification, audit trail, de-identification and data lifecycle management.
- Demonstrated experience in either the life sciences or the AI industry, with a strong grasp of domain-specific risks and regulatory challenges.
- Open-minded and innovative approach in meeting