




Summary: This role is a security engineering and compliance builder position, creating the security program from the ground up within a healthcare AI company.

Highlights:

1. Own and drive the end-to-end ISO 27001 certification process
2. Design and implement security controls integrated into CI/CD pipelines
3. Build a culture where security isn't a blocker — it's a shared standard

**Why Telepatia**

The world's most scarce resource isn't time — it's medical attention. Doctors spend 40–70% of their day typing instead of caring for patients. At Telepatia, we're changing that. We build real-time AI products for healthcare — medical transcription, clinical record generation, and EMR integrations across Brazil and Colombia. Our flagship, AI Doctor, is part of a suite of four AI Healthcare Employees built by doctors, for doctors.

**What You'll Do**

You'll sit at the intersection of security engineering and compliance — equally comfortable running a risk assessment. This is a builder role: you'll be creating the security program from the ground up, not inheriting a mature one.

**Certification & Compliance**

* Own and drive the end-to-end ISO 27001 certification process — from gap assessment to external audit readiness, acting as Telepatia's lead internal auditor
* Ensure DevSecOps practices align with compliance frameworks including ISO 27001/27701 and SOC 2, and support all audits and internal security assessments
* Build and maintain the Information Security Management System (ISMS): policies, controls, risk register, and evidence library
* Own the RFP automation process: respond to client security questionnaires with speed and precision, backed by a reusable evidence library
* Manage the compliance calendar across Telepatia's operating markets in Brazil and Colombia

**Cloud & Infrastructure Security**

* Design, implement, and maintain security controls integrated into CI/CD pipelines and cloud environments, ensuring security by default across development and operations
* Implement and maintain security configurations in GCP (IAM, WAF, Security Groups, and equivalent services), continuously strengthening the cloud security posture
* Automate security processes and controls using scripting and infrastructure as code to improve efficiency and scalability
* Evaluate emerging technologies and architectures — including AI integrations — to ensure their secure adoption

**Application & Development Security**

* Integrate security controls into the SDLC, embedding security reviews, threat modeling, and automated scanning into every stage of development
* Run focused security training for the engineering team: secure coding practices, access management, and incident response
* Act as the internal point of contact when enterprise clients request security reviews, third-party assessments, or certification evidence

**Internal Training & Culture**

* Design and deliver security awareness training for the full team — engineers, commercial, and operations
* Prepare all internal stakeholders for external auditor interviews and walkthroughs
* Build a culture where security isn't a blocker — it's a shared standard

**What You Have**

**Experience**

* 3–6 years in information security, DevSecOps, cloud security, or IT compliance
* Certified Lead Auditor for ISO 27001 (or actively pursuing)
* Hands-on experience with CI/CD security, cloud hardening, and internal audit processes
* Experience in SaaS, healthtech, or regulated industries is a strong plus

**Must-have skills**

* ISO 27001 framework and ISMS design
* Cloud security in GCP or AWS
* CI/CD pipeline security (GitHub Actions, ArgoCD, or similar)
* Security RFP and vendor questionnaire management
* Strong written communication in Spanish and English

**Nice to have**

* Familiarity with SOC 2, LGPD, Habeas Data
* Experience with GRC tools (Vanta, Drata, or similar)
* Background in Kubernetes security and containerized workloads
* Exposure to AI security considerations and secure model deployment


