Senior Security Specialist - Risk & Compliance in London

About Iso

Isomorphic Labs (IsoLabs) was launched in 2021 to advance human health by building on and beyond the Nobel-winning AlphaFold system. Our interdisciplinary team of drug discovery experts and machine learning specialists has built powerful new predictive and generative AI models that accelerate scientific discovery at digital speed. We believe a symmetry exists between biology and information science, and we harness AI to model complex biological phenomena, design novel molecules, anticipate drug performance, and develop innovative medicines.

Your impact

As a Senior InfoSec Specialist, you will be a cornerstone of our Governance Risk and Compliance (GRC) function, primarily focused on securing our supply chain and third-party ecosystem. Reporting to the InfoSec Risk and Governance Lead, you will ensure that our partnerships—from SaaS providers to Clinical Research Organisations—meet our security standards. You will also play a key role in enhancing our ISMS and supporting secure business operations, including drug discovery and clinical activities.

What You Will Do

• Coordinate the third-party security risk management lifecycle: execute the end-to-end third-party risk process, including initial intake, technical due diligence, risk-based tiering, ongoing monitoring, secure offboarding, and liaising with Legal and Finance teams.
• Perform detailed vendor assurance activities commensurate with their risk profile, ensuring alignment with legal, regulatory, contractual and policy requirements.
• Continuously develop and refine assessment methodologies to evaluate and audit vendors.
• Promote operational efficiency by building and maintaining third-party security risk management dashboards and automating evidence collection to provide real-time visibility into the vendor risk landscape.
• Provide expert guidance to medicinal and ML research colleagues on complex risk topics, translating technical issues into clear business impact statements.
• Support the InfoSec Risk and Governance Lead in improving and maintaining the Isomorphic Labs ISMS and other regulated and contractual data assurance requirements, including internal audit execution and control testing.
• Develop a unified GRC framework able to provide internal and external assurance for all relevant legal, regulatory, contractual and policy requirements.
• Coordinate, author and maintain security policies and processes, ensuring they reflect reality as well as meeting our legal, regulatory, and contractual requirements.
• Support the development of secure, lean pharma and clinical operations with an AI-first approach.

Skills And Qualifications

Essential

• Capacity to prioritise critical inquiry over rote compliance—critical thinking through risks and issues and providing timely, accurate and enabling advice suitable to the business.
• Ability to excel as an individual contributor with agility and adaptability to pivot quickly between strategic and operational levels.
• Strong understanding of risk management with a proven ability to manage the full risk management lifecycle, from technical risk identification and analysis to presenting clear, business-focused mitigation options.
• Robust knowledge of information technology and cybersecurity, including cloud and ML-based environments.
• Experience leading internal and external assurance activities.
• Knowledge of relevant security and compliance standards (e.g., ISO 27001, NIST).
• Experience managing the security threats posed by a complex third-party ecosystem, including cloud providers.
• Demonstrated experience in life sciences, technology, or AI industries.
• Open-minded and innovative approach in meeting regulatory requirements, balancing compliance with the efficiency demands of ML-driven drug discovery.
• A natural ability to build credibility and influence decision-making across scientific, engineering, corporate and leadership functions to drive the security agenda forward.

Nice to have

• Deep experience of the Pharma industry and Drug Development process and ecosystem.
• Experience in threat modelling.
• Interest in or experience of GRC engineering.
• Interest in or experience of Cyber Risk Quantification.
• Familiarity with AI-specific threats and security controls, such as those addressing model inversion, data poisoning, or adversarial attacks.
• Relevant certifications (e.g., CISA, CISSP).
• Experience automating evidence collection and control monitoring.
• Contribution to open-source security projects or participation in security communities.

Hybrid working

We follow a hybrid model and would require you to be able to come into the office three days a week (currently Tuesday, Wednesday, and one other day depending on the team). If you have additional needs that would prevent you from following this hybrid approach, we would be happy to discuss alternatives if you are selected for an initial screening call.

Equal Employment Opportunity

We are committed to equal employment opportunities regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy or related condition (including breastfeeding) or any other basis protected by applicable law. If you have a disability or additional need that requires accommodation, please let us know.