Security Engineer - Governance, Risk and Compliance (GRC), London
London
Isomorphic Labs
We’re a digital biology company here to redefine drug discovery with the power of artificial intelligence. We're glad you're here, let's get to work.
Senior Security Engineer - Governance, Risk and Compliance (GRC) - London
Isomorphic Labs is a new Alphabet company that is reimagining drug discovery through a computational- and AI-first approach.
We are on a mission to accelerate the speed, increase the efficacy and lower the cost of drug discovery. You'll be working at the cutting edge of the new era of 'digital biology' to deliver a transformative social impact for the benefit of millions of people.
Come and be part of a multi-disciplinary team driving groundbreaking innovation and play a meaningful role in contributing towards us achieving our ambitious goals, while being a part of an inspiring, collaborative and entrepreneurial culture.
Your impact
As a Senior Security Engineer - GRC, you will play a crucial role in establishing and maintaining a robust security governance framework at Isomorphic Labs. Your work will be instrumental in ensuring the organisation's compliance with industry standards and regulations, enabling research programs and building trust with key partners. You will contribute to fostering a culture of security awareness and operational excellence, directly impacting the company's ability to achieve its ambitious goals.
What you will do
- Spearhead the development of IsoLabs' Information Security Management System (ISMS) and guide the organisation through ISO 27001 certifications.
- Implement and continuously improve security policies and controls, ensuring alignment with industry best practices and operational excellence.
- Monitor and maintain compliance with regulations, third-party requirements, and internal security policies, identifying and proactively addressing potential gaps.
- Partner with TechOps, Data Engineering, Legal and Product teams to implement robust data governance solutions, encompassing data labelling, access control, audit trails, de-identification, and data lifecycle management.
- Lead Infosec projects in collaboration with Machine Learning and Drug Discovery teams.
- Develop and execute internal audit programs, and effectively respond to external audits and due diligence requests.
- Actively contribute to IsoLabs’ security awareness program, fostering a strong security culture throughout the organisation.
- Manage Vendor Security Assessment operations and drive continuous improvement of these processes.
- Support the implementation and enhancement of Incident Management and Vulnerability Management policies.
- Partner with Legal and Privacy teams to ensure security practices align with legal and regulatory requirements, particularly concerning data privacy and protection.
- Establish and report on Key Performance Indicators (KPIs) to demonstrate the effectiveness of security operations on business outcomes.
Skills and qualifications
Essential:
- Strong IT and cybersecurity technical background, including experience with major cloud platforms.
- Demonstrated experience developing and implementing security policies, standards, and procedures.
- Solid understanding of risk management frameworks, and industry-specific compliance requirements (e.g., ISO/IEC 27001, GDPR, HITRUST).
- Excellent communication and interpersonal skills, with the ability to explain complex security concepts to diverse audiences.
- Practical experience with data governance and privacy controls, including data classification, audit trails, de-identification and data lifecycle management.
- Strong analytical and problem-solving skills, with the ability to differentiate true risks from over-compliance and develop creative solutions to balance business needs with risk mitigation.
- Extensive experience with external audits and leading certification processes.
- Proven ability to act as a project manager and collaborate effectively with cross-functional teams.
- Demonstrated ability to effectively manage and prioritise multiple projects simultaneously, meeting deadlines and delivering results.
Nice to have:
- Experience building and operating a Trusted Research Environment and/or Trusted ML Environments.
- Experience in the BioTech and Pharma industry.
- Experience streamlining Vendor Security Assessments (VSAs).
- Familiarity with the unique challenges of a fast-paced, high-growth environment.
- Solid understanding of security in a computational- and AI-first environment.
- Experience protecting sensitive scientific and personal data.
- Relevant certifications (e.g., CISM, CISA, CISSP, ISO 27001 Lead Implementer/Auditor).
- Experience with security automation tools and technologies.
- Contribution to open-source security projects or participation in security communities.
Culture and values
What does it take to be successful at IsoLabs? It's not about finding people who think and act in the same way, but we do have some shared values:
Thoughtful
Thoughtful at Iso is about curiosity, creativity and care. It is about good people doing good, rigorous and future-making science every single day.
Brave
Brave at Iso is about fearlessness, but it’s also about initiative and integrity. The scale of the challenge demands nothing less.
Determined
Determined at Iso is the way we pursue our goal. It’s a confidence in our hypothesis, as well as the urgency and agility needed to deliver on it. Because disease won’t wait, so neither should we.
Together
Together at Iso is about connection, collaboration across fields and catalytic relationships. It’s knowing that transformation is a group project, and remembering that what we’re doing will have a real impact on real people everywhere.
Creating an inclusive company
We realise that to be successful we need our teams to reflect and represent the populations we are striving to serve. We’re working to build a supportive and inclusive environment where collaboration is encouraged and learning is shared. We value diversity of experience, knowledge, backgrounds and perspectives and harness these qualities to create extraordinary impact.
We are committed to equal employment opportunities regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy or related condition (including breastfeeding) or any other basis protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.
Hybrid working
It’s hugely important for us to be able to share knowledge and establish relationships with each other, and we find it easier to do this if we spend time together in person. This is why we’ve decided to follow a hybrid model, and for full time positions we would require you to be able to come into the office 3 days a week (currently Tue, Wed, and one other day depending on which team you’re in). For part time positions this may vary. As an equal opportunities employer we are committed to building an equal and inclusive team. If you have additional needs that would prevent you from following this hybrid approach, we’d be happy to talk through these if you’re selected for an initial screening call.
Please note that when you submit an application, your data will be processed in line with our privacy policy.
Tags: Audits Automation CISA CISM CISSP Cloud Compliance GDPR Governance HITRUST ISMS ISO 27001 KPIs Machine Learning Privacy Risk management Security assessment Vulnerability management
Perks/benefits: Career development Startup environment