Information Security Officer

In the fight against breast cancer, every medical image is an opportunity: to unlock insight, to uncover risk, to embody health, to empower life. ScreenPoint’s Transpara Breast AI delivers unmatched precision for breast radiologists and helps define personalized care pathways for every woman we serve. Make your mark as part of The Breast AI Company.

We are looking for an Organizational Information Security Officer to lead and mature ScreenPoint Medical’s information security program. You will own the strategy, governance, and day-to-day execution needed to strengthen our security posture, support responsible growth, and keep the organization continuously audit-ready.

This is a global role with a strong focus on ISO 27001 and SOC 2. You will work closely with Innovation, Product Management, Engineering, Quality, Regulatory, Infrastructure, Privacy/Legal, and Commercial teams to embed security into how we operate the organization. As ScreenPoint continues to become more AI-native, you will help ensure that our use of AI, data, systems, and processes remains secure, responsible, and scalable. You will translate security requirements into practical controls, clear decisions, and measurable improvements within our Information Security Management System (ISMS).

Key responsibilities

• ISMS leadership and security roadmap: Own, maintain, and continuously improve the ISMS, including governance processes, documentation, security objectives, management reviews, KPIs, and an organization-wide roadmap aligned with business goals and the QMS.


• ISO 27001 and SOC 2 control framework: Lead the implementation, operation, and continuous improvement of our security control environment. Maintain the control set, clarify control ownership, define operating cadences, collect evidence consistently, support audits, and track remediation so we remain audit-ready rather than audit-rushed.
  


• Governance, risk, and policy management: Build and operate a pragmatic security governance model, including policies, standards, risk assessments, risk treatment plans, exception handling, and leadership reporting. Translate security risks into business impact and actionable decisions.
  


• Security architecture and secure operations: Partner with Infrastructure and Engineering to strengthen secure foundations across IAM, endpoint security, cloud security, logging and monitoring, encryption, backup and recovery, and vulnerability management.
  


• Incident response and preparedness: Own incident response planning and coordination, including playbooks, tabletop exercises, escalation paths, communication plans, and post-incident reviews. Collaborate with Privacy/Legal when incidents may affect customers or regulated data.
  


• Third-party and vendor security: Establish and run a vendor risk management process, including supplier security reviews, contract/security requirement input, risk-based monitoring, and follow-up for critical suppliers.
  


• Security culture and enablement: Build a security-first culture through practical training, clear guidance, and stakeholder enablement. Act as the primary point of contact for security inquiries, customer assurance requests, audits, and security-related decision-making.


• AI-native security governance: Support ScreenPoint’s transition into an AI-native organization by helping define practical security principles for the responsible use of AI tools, data, automation, and emerging technologies. Partner with teams to balance innovation, speed, compliance, and risk management.

Job requirements

You are a proactive, independent security leader who combines strategic thinking with hands-on execution. You know how to raise organizational security maturity, build trust with stakeholders, and turn security requirements into working practices that teams can adopt. You have proven experience building, scaling, or materially improving organizational security programs in a modern software and/or cloud environment. Furthermore, you have:

• Strong working knowledge of ISO 27001 and/or SOC 2, including translating requirements into implementable controls, evidence routines, and operating rhythms.
  


• Experience with risk management, policy development, control design, control testing, and remediation tracking.
  


• Practical understanding of IAM, cloud security, endpoint security, logging and monitoring, vulnerability management, encryption, backup/recovery, and incident response.
  


• Strong stakeholder management skills and the ability to influence Engineering, Product, Infrastructure, Quality, Regulatory, Commercial, Privacy/Legal, and leadership stakeholders.
  


• Excellent written and spoken English, with the ability to explain complex security topics clearly to technical and non-technical audiences.
  


• Ability to operate effectively in a global EU and US context, including distributed stakeholders, customer assurance expectations, and region-specific requirements.
  

Preferred qualifications

• Hands-on experience leading an ISO 27001 certification journey and/or SOC 2 readiness and audit cycles.


• Knowledge of Quality Management System frameworks such as ISO 13485 or ISO 9001.
  


• Familiarity with security frameworks and concepts such as NIST CSF, CIS Controls, ISO 27017, and ISO 27018.
  


• Experience in regulated industries such as MedTech or Pharma, or in customer-driven assurance environments.
  


• Relevant certifications such as CISSP, CISM, CCSP, ISO 27001 Lead Implementer, or ISO 27001 Lead Auditor.

Join ScreenPoint Medical and help us build and scale an information security program that enables responsible growth - meeting ISO 27001 and SOC 2 expectations while maintaining high standards of security, compliance, and risk management.

About us
ScreenPoint Medical is a leading company that develops and markets breast image analysis and cutting edge machine learning applications and services. Our product Transpara improves breast cancer survival rates by detecting cancers earlier so that treatment can be more effective and less invasive.

Do you want to help us build an innovative solution to improve health worldwide? And do you want to be part of an ambitious and fast-growing team who help you develop your career further? Please apply using the application button.

Providing a Certificate of Conduct (VOG) or background check is part of our application procedure. Questions about the contents of the vacancy or the recruitment process at ScreenPoint Medical? Please send an email to [email protected]. 

Providing a Certificate of Conduct (VOG) or background check is part of our application procedure. Questions about the contents of the vacancy or the recruitment process at ScreenPoint Medical? Please send an email to [email protected].