Machine learning is eating the world. At PathAI, we're applying it in amazing ways to pathology and healthcare to ultimately help improve people’s lives, one diagnosis at a time. We're applying our work to drug development, the clinical space, and as a global health initiative. 

For us, it's still early days – a fast-growing, in-demand business and team, and the need to scale our Information Security team that helps keep us quick and nimble while protecting the sensitive data we handle. At PathAI, we view security as an enabler of our business and have invested significantly to build and grow the team with great support from the leadership team.

We're looking for an experienced security compliance analyst to join our growing Information Security team, to help us continue to move both fast and safely to have the most impact on the outcomes of patients facing serious diseases. This role will be reporting to the Director of IT & Security. Our security team, which currently includes a Principal Security Engineer, works on automated tools and creates innovative processes to help make security and compliance at PathAI easy, instant, and omnipresent. If you're the right candidate for this hands-on role, you'll be part of the PathAI Information Security team in no time and be able to:

• Lead ongoing internal and external ISO 27001 surveillance and re-certification audits and other security audits that are relevant to PathAI’s business; lead security and compliance audits with PathAI customers, and complete customer security questionnaires.
• Serve as an internal point-person for PathAI employees by translating security policy and compliance frameworks into actionable requirements and guidance to inform their work.
• Perform ongoing internal operations and tasks, including ISO 27001 security reviews and meetings, and maintain documentation associated with PathAI’s ISO 27001-compliant Information Security Management System (ISMS).
• Participate in risk management, incident response, business continuity tests, and other compliance activities and exercises.
• Gather and maintain metrics associated with the Information Security program, working with others on the team. 
• Work with product engineers and product managers, when appropriate, to ensure mitigation of discovered risks and threats, and evangelize best practices and security compliance.
• Lead vendor and 3rd-party security assessments, ensuring that all PathAI vendors and purchased software comply with our security program.
• Help create and maintain information security documentation, including security-related policies and procedures, ensuring that the PathAI ISMS documentation is always up to date and appropriately disseminated throughout the organization.
• Research and stay abreast of the compliance landscape evaluating new security frameworks and compliance programs that may be applicable to PathAI’s business. 
• Maintain a running log of information security issues and work across the organization to ensure that they are addressed in a timely manner.

Requirements:

Our employees come in all shapes and sizes, but to be successful in this role with us, you'll at least need:

• Experience. We expect that this role will require at least 3 to 5 years of experience working in the software development industry and/or in a highly regulated space, with responsibilities relating to security and compliance. If you have fewer years of experience but think you can hang, tell us why.
• Exposure. You shouldn’t be a newcomer to key security concepts, such as relating to IAM, vendor management, and risk management. Additionally, navigating compliance with the alphabets, including SOC, GDPR, and HIPAA should be a part of your repertoire. You don’t need to have experience with all of them, but you should have had enough exposure to be able to quickly pick up others.
• Education. Generally, a bachelor's degree in a relevant field is really helpful in working with our team on this kind of work. But feel free to convince us if you're the exception.
• Tenacity. We're doing some big things, and we'll find some roadblocks along the way, big and small. A big part of this role is keeping an even keel and finding the route through or around the obstacles.
• Communication. This role requires lots of communication with customers and everyone at PathAI. Your colleagues will rely on your ability to translate security requirements into digestible bits of information for them. Customers will expect you to quickly articulate components of the PathAI security program to help them assess risk, including as part of the business development process.
• Audit management. The ability to lead audits, especially with external stakeholders and certification authorities is a key component of this job, because you would be expected to lead at least two audits each year.
• An insatiable intellectual curiosity and the ability to learn quickly in a complex space.

Benefits:

For the right candidate, we'll offer a competitive salary plus equity. We have a strong benefits package, including heavily-subsidized health, dental, and vision insurance plans to keep you in peak shape. It's rounded out by:

• Flexible work hours
• Three weeks of paid leave per year, plus holidays and extended leave
• Convertible sit-stand desks
• Your choice of computer equipment
• Free lunch on Tuesdays and Fridays
• Snacks and drinks in the office – which currently include a mountain of Milano cookies and cold brew coffee and green tea on tap.

Most importantly, you'll be doing important work with a team of people you'll enjoy spending the day with.

PathAI is an equal opportunity employer, dedicated to creating a workplace that is free of harassment and discrimination. We base our employment decisions on business needs, job requirements, and qualifications — that's all. We do not discriminate based on race, gender, religion, health, personal beliefs, age, family or parental status, or any other status. We don't tolerate any kind of discrimination or bias, and we are looking for teammates who feel the same way.  

PathAI does not accept unsolicited submissions from third-parties.

With the rise of employment phishing scams, especially during the current COVID-19 situation, we ask candidates to be extra vigilant. Be careful about providing any kind of personal information, such as location, age, or financial information to recruiters who may be impersonating PathAI employees. PathAI does not require payment for interviews or for applicants to purchase their own work supplies for reimbursement.