Senior Security Specialist - Risk & Compliance in London

Isomorphic Labs is applying frontier AI to help unlock deeper scientific insights, faster breakthroughs, and life-changing medicines with an ambition to solve all disease. The future is coming. A future enabled and enriched by the incredible power of machine learning. A future in which diseases are curtailed or cured starting with better and faster drug discovery. Come and be part of an interdisciplinary team driving groundbreaking innovation and play a meaningful role in contributing towards us achieving our ambitious goals, while being a part of an inspiring and collaborative culture.

About Iso

Isomorphic Labs (IsoLabs) was launched in 2021 to advance human health by building on and beyond the Nobel-winning AlphaFold system. Since then, our interdisciplinary team of drug discovery experts and machine learning specialists has built powerful new predictive and generative AI models that accelerate scientific discovery at digital speed. Our name comes from the belief that there is an underlying symmetry between biology and information science. By harnessing AI’s powerful capabilities, we can use it to model complex biological phenomena to help design novel molecules, anticipate how drugs will perform and develop innovative medicines to treat and cure some of the world’s most devastating diseases. We have built a world-leading drug design engine comprising AI models that are capable of working across multiple therapeutic areas and drug modalities. We are continually innovating on model architecture and developing cutting-edge capabilities to advance rational drug design. Every day, and with each new breakthrough, we’re getting closer to the promise of digital biology, and achieving our ambitious mission to one day solve all disease with the help of AI.

Your impact

As a Senior InfoSec Specialist, you will be a cornerstone of our Governance Risk and Compliance (GRC) function, with a primary focus on securing our supply chain and third-party ecosystem. Reporting to the InfoSec Risk and Governance Lead, you will ensure that our innovative partnerships - from SaaS providers to Clinical Research Organisations (CROs) - meet our security standards. You will also play a key role in enhancing our ISMS and supporting secure business operations, including our drug discovery and clinical activities. Your work directly protects our organisation and ensures the right balance between business objectives and security is sustained.

What you will do

• Coordinate the third party security risk management lifecycle: execute the end-to-end third-party risk process, including initial intake, technical due diligence, risk-based tiering, ongoing monitoring, secure offboarding, and liaising with Legal and Finance teams.
• Perform detailed vendor assurance activities commensurate with their risk profile, ensuring alignment with legal, regulatory, contractual and policy requirements.
• Continuously develop and refine assessment methodologies to evaluate and audit vendors.
• Promote operational efficiency by building and maintaining third party security risk management dashboards and automating evidence collection to provide real-time visibility into the vendor risk landscape.
• Provide expert guidance to medicinal and ML research colleagues on complex risk topics, translating technical issues into clear business impact statements.
• Support the InfoSec Risk and Governance Lead in improving and maintaining the Isomorphic Labs ISMS and other regulated and contractual data assurance requirements, including internal audit execution and control testing.
• Develop a unified GRC framework able to provide internal and external assurance for all relevant legal, regulatory, contractual and policy requirements.
• Coordinate, author and maintain security policies and processes, ensuring they reflect reality as well as meeting our legal, regulatory, and contractual requirements.
• Support the development of secure, lean pharma and clinical operations with an AI-first approach.

Skills and qualifications

Essential:

• Capacity to prioritise critical inquiry over rote compliance - you must be able to critically think through risks and issues and provide timely, accurate and enabling advice suitable to the business.
• Ability to excel as an individual contributor with the agility and adaptability to quickly pivot between strategic to operational levels, and between widely differing contexts.
• Strong understanding of risk management with a proven ability to manage the full risk management lifecycle, from technical risk identification and analysis to presenting clear, business-focused mitigation options.
• Robust knowledge of information technology and cybersecurity, including cloud and ML-based environments.
• Experience leading internal and external assurance activities.
• Knowledge of relevant security and compliance standards (e.g. ISO 27001, NIST).
• Experience managing the security threats posed by a complex third-party ecosystem, including cloud providers.
• Demonstrated experience in life sciences, technology, or AI industries.
• Open-minded and innovative approach in meeting regulatory requirements, balancing compliance with the efficiency demands of ML-driven drug discovery.
• A natural ability to build credibility and influence decision-making across scientific, engineering, corporate and leadership functions to drive the security agenda forward.

Nice to have:

• A deep experience of the Pharma Industry and Drug Development process and ecosystem is a plus.
• Experience in threat modelling.
• Interest in / experience of GRC engineering.
• Interest in / experience of Cyber Risk Quantification.
• Familiarity with AI-specific threats and security controls, such as those addressing model inversion, data poisoning, or adversarial attacks.
• Relevant certifications (e.g. CISA, CISSP).
• Experience automating evidence collection and control monitoring.
• Contribution to open-source security projects or participation in security communities.

Culture and values

We are guided by our shared values. It's not about finding people who think and act in the same way. These values help to guide our work and will continue to strengthen it.

• Thoughtful: Thoughtful at Iso is about curiosity, creativity and care. It is about good people doing good, rigorous and future-making science every single day.
• Brave: Brave at Iso is about fearlessness, but it’s also about initiative and integrity. The scale of the challenge demands nothing less.
• Determined: Determined at Iso is the way we pursue our goal. It’s a confidence in our hypothesis, as well as the urgency and agility needed to deliver on it. Because disease won’t wait, so neither should we.
• Together: Together at Iso is about connection, collaboration across fields and catalytic relationships. It’s knowing that transformation is a group project, and remembering that what we’re doing will have a real impact on real people everywhere.

Creating an extraordinary company

We believe that to be successful we need a team with a range of skills and talents. We're building an environment where collaboration is fundamental, learning is shared and every employee feels supported and able to thrive. We value unique experiences, knowledge, backgrounds, and perspectives, and harness these qualities to create extraordinary impact. We are committed to equal employment opportunities regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy or related condition (including breastfeeding) or any other basis protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.

Hybrid working

It’s hugely important for us to share knowledge and build strong relationships with each other, and we find it easier to do this if we spend time together in person. This is why we follow a hybrid model, and would require you to be able to come into the office 3 days a week (currently Tuesday, Wednesday, and one other day depending on which team you’re in). If you have additional needs that would prevent you from following this hybrid approach, we’d be happy to talk through these if you’re selected for an initial screening call.