At Straumann Group we're on an exciting journey of growth, innovation, and impact - driven by our mission to improve oral health and transform millions of lives worldwide. United by purpose, we bring our best selves to work every day, embracing a high-performance, player-learner culture that inspires collaboration, curiosity, and ambition. Here, you'll have the opportunity to take charge of your own career, harnessing your skills, passion, and enthusiasm for learning to continually grow and progress. Together, we're not just shaping brighter smiles, we're unlocking the potential of people everywhere, including our own.
We're looking for an
Information Security Compliance Manager
to join our dynamic and fast-growing global cybersecurity team. Reporting directly to the Chief Information Security Officer (CISO), you'll play a pivotal role in ensuring Straumann's information security program, digital products, and medical technologies meet regulatory, industry, and internal security standards.
This is a highly collaborative role at the intersection of cybersecurity, medical device regulations, quality management, and data protection. You'll work closely with R&D, Quality & Regulatory Affairs (QRA), Legal, and Clinical teams to maintain the highest levels of data and device security compliance across our organization.
Your Role Regulatory & Standards Compliance:
Ensure adherence to ISO 27001 and relevant medical cybersecurity standards (IEC 62304, IEC 81001-5-1, AAMI TIR57/TIR97).
Translate global regulatory requirements into actionable security policies and controls.
Monitor evolving regulations and assess their impact on Straumann's products and systems.
Security & Quality Integration:
Embed cybersecurity requirements into the Quality Management System (QMS) and product lifecycle.
Partner with R&D to apply secure-by-design and risk-based development approaches.
Support regulatory submissions by providing security risk assessments and compliance documentation.
Audits & Certifications:
Lead internal and external audit preparations for ISO 27001, SOC 2, and regulatory inspections.
Manage remediation activities and ensure continuous improvement.
Maintain accurate compliance records, policies, and control documentation.
Risk Management & Monitoring:
Conduct cybersecurity risk assessments across medical devices, IT systems, and cloud platforms.
Oversee third-party vendor security assessments and incident reporting obligations.
Training & Awareness:
Develop and deliver targeted security compliance training across global teams.
Foster a strong culture of cybersecurity awareness and accountability.
Your Profile
Proven knowledge of information security frameworks (ISO 27001, NIST, CIS) and medical device regulations (ISO 13485, MDR, FDA 21 CFR Part 11).
Experience with healthcare cybersecurity standards (IEC 62304, IEC 81001-5-1, AAMI TIR57/TIR97).
Familiarity with data protection laws (GDPR, HIPAA, PIPL, LGPD, CCPA, etc.).
Demonstrated experience in managing audits, certifications, or regulatory inspections.
Strong ability to collaborate across cross-functional teams (R&D, QRA, IT, Legal, Clinical).
Preferred certifications: CISSP, CISA, ISO 27001 Lead Auditor, or ISO 13485 Lead Auditor.
Typically, 2+ years' experience in a quality management or information security compliance role.
What Makes You a Great Fit You combine technical expertise with strong communication and influencing skills, thriving in an environment where precision and collaboration drive results. You're analytical, adaptable, and able to navigate complexity with clarity and confidence. Above all, you're motivated by impact - ensuring patient safety, data protection, and trust through robust, forward-thinking security compliance.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.
Employment Type:
Full Time
Alternative Locations:
Spain : Madrid
Travel Percentage:
0 - 10%
Requisition ID:
19038
#J-18808-Ljbffr