Indivi is a TechBio company enabling precision and personalised medicine to become a reality in neuroscience research and development. We are going through significant growth and looking for new team members who want to contribute to making our vision — making measurable what is not so — a reality.
As an Information Security & Compliance Associate, you will be responsible for the day-to-day maintenance and continuous improvement of Indivi's Information Security Management System (ISMS) in accordance with ISO 27001, while also supporting the management and ongoing development of our Quality Management System (QMS) under ISO 13485. You will play a key role in executing the ISMS Annual Compliance Plan, maintaining security and compliance documentation within Jira and Confluence, coordinating evidence collection for audits, and supporting the identification, tracking, and remediation of security risks, vulnerabilities, and compliance actions in a fast-paced TechBio environment.
This is an onsite position that will initially be offered on a part-time basis (20 hours per week) for the first six months. Subject to satisfactory performance and business needs, the role may transition to a full-time position thereafter.
Key Responsibilities
ISMS Operations & Compliance:
ISMS Operations: Lead the execution of regular ISMS tasks in Jira. You will ensure that monthly controls (access reviews, backup verifications, log monitoring, etc.) are executed on time and documented.
Continuous Improvement (NC & CAPA): Identify process gaps, document Non-Conformities (NC), and track Corrective and Preventive Actions (CAPA) until closure.
Risk & Vulnerability Management: Assist the ISO in updating the Risk Register (scenario-based Risk Model). Coordinate with technical departments for the remediation of vulnerabilities identified in security scans.
Audit Readiness: Act as a key contributor during Internal Audits and External ISO 27001/13485 surveillance audits.
Documentation Governance: Manage policies and SOPs in Confluence, ensuring compliance with FDA 21 CFR Part 11 (electronic signatures).
Data Privacy & Governance: Support the DPO in maintaining the RoPA and coordinating DPIAs/BIAs.
Necessary Competence (education qualification):
Experience: 1-2 years in Information Security, IT Audit, or Quality Assurance roles.
Education: Degree in Computer Science, Cybersecurity, or related technical field.
Needed skills:
Industry-Specific Skills:
Solid understanding of ISO 27001:2022. and GDPR/HIPAA compliance in a TechBio environment.
Basic understanding of ISO 13485:2016, ICH-E6 (GCP), CSV (Computerised System Validation) and SBOM management.
Technical Stack:
Proficiency in Atlassian Suite (Jira, JSM & Confluence).
Familiarity with SIEM tools (Wazuh) and Vulnerability Scanners.
Basic knowledge of AWS Cloud security and MDM (Mosyle).
Soft Skills: High attention to detail (documentation rigour), analytical mindset, and ability to work in a regulated environment (GCP).
Languages:
What to Expect:
Your Learning & Development Path
We do not expect you to master all these responsibilities from day one. This role is designed with a long-term learning roadmap to help you build a solid foundation in TechBio compliance. You will be continuously mentored by the Information Security Manager, who will provide personalised, 1-on-1 training sessions and ongoing guidance to ensure your success and professional growth within our dual ISO 27001 and ISO 13485 environment.
Role Roadmap & Key Priorities
First 3 Months (Immediate Priority): Your primary focus will be driving the transition and adaptation of our ISMS documentation to align with our Quality Management System (QMS). This will involve heavy use of SoftComply Document Manager (an Atlassian Confluence add-on) to ensure all policies and procedures meet strict regulatory standards.
Beyond 3 Months (Long-Term Focus): Once the documentation transition is established, your core focus will shift to the operational execution of the ISMS Annual Compliance Plan, managing regular security tasks, and ensuring continuous audit readiness.
We are looking for highly motivated and experienced people with our like-minded focus on improving the lives of people with neurological disease.
Indivi is an equal opportunities employer and encourages applications from candidates of all backgrounds, particularly those from underrepresented groups. Reasonable adjustments will be made wherever possible.
https://indivi.io