As a Security and Compliance Specialist, you will bridge the gap between software development, cybersecurity and compliance, ensuring that our security measures align with regulatory standards and industry best practices. You will work closely with cross-functional teams to assess risks, develop and implement security policies and procedures, and monitor compliance with relevant regulations. This role offers a unique opportunity to contribute to both the technical aspects of cybersecurity and the regulatory requirements governing the biotech industry. The candidate will also acquire the Data Protection Officer position after the training period.

The responsibilities of this position encompasses the following:

Regulatory Compliance

• Monitor and ensure compliance with data protection laws, regulations, and industry standards, mainly GDPR and HDS (Health Data Hosting under French law) cybersecurity guidelines.

• Conduct regular audits and assessments to assess compliance with regulatory requirements.

Policy development and implementation

• Develop and maintain security policies, standards, and procedures in alignment with regulatory requirements and industry best practices.

• Implement security controls and measures to mitigate risks and vulnerabilities.

• Foster a culture of security awareness and compliance throughout the organization and contribute to our Information Security Management System (ISMS).

Risk management

• Conduct risk assessments to identify potential threats and vulnerabilities to our systems, data, and infrastructure.

• Develop risk mitigation strategies and work with stakeholders to implement appropriate controls.

Incident responses and investigation

• Lead incident response efforts in the event of cybersecurity incidents or data breaches, coordinating with internal teams and external stakeholders as necessary.

• Conduct post-incident reviews and forensic investigations to identify root causes and lessons learned.

1. Master’s degree or equivalent in Computer Science, Information Security, or a related field.

2. Previous experience (3-4 years or more) as developer, cybersecurity expert or similar, ideally within the biotech, pharmaceutical, or healthcare industry.

3. Proficiency in the Python programming language.

4. Strong understanding of cybersecurity principles, regulatory requirements, and industry standards.

5. Experience with risk management frameworks and methodologies (e.g., ISO 27001).

6. Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.

7. Experience in working with Cloud-based environment, specifically Microsoft Azure, would be a strong plus.