Velsera Inc.
About Velsera
Medicine moves too slow. At Velsera, we are changing that.
Velsera was formed in 2023 through the shared vision of Seven Bridges and Pierian, with a mission to accelerate the discovery, development, and delivery of life-changing insights.
Velsera provides software and professional services for:
AI-powered multimodal data harmonization and analytics for drug discovery and development
IVD development, validation, and regulatory approval
Clinical NGS interpretation, reporting, and adoption
With our headquarters in Boston, MA, we are growing and expanding our teams located in different countries!
What will you do? Compliance & Governance
Develop, implement, and maintain comprehensive information security policies, standards, and procedures aligned with the ISO 27001 framework
Lead, manage, and mature the organization's Information Security Management System including risk treatment, internal audits, and readiness for external certification audits.
Serve as the subject matter expert (SME) for Security and Privacy Rules, ensuring compliance for all systems, processes, and applications handling PII and Protected Health Information (PHI).
Conduct continuous monitoring and evidence collection to demonstrate compliance with relevant frameworks.
Plan, conduct and manage internal and supplier audits
Plan GRC activities, prioritise and implement them in timbound manner.
Perform detailed security risk assessments and gap analyses on new and existing systems, with a focus on cloud infrastructure
Collaborate with Product, Technology, IT and Security teams to implement security controls into cloud / infra / environments, ensuring compliance. Provide technical guidance to them on implementing controls and best practices, specifically related to cloud security architecture and configurations.
Review risk mitigations periodically and track remediation efforts to closure.
Conduct third-party vendor risk assessments, focusing on their adherence to required compliance standards.
Develop and deliver targeted security awareness and training programs focused on HIPAA and ISO 27001 requirements for all staff, including technical teams.
Evaluate and recommend new security technologies and processes to enhance the compliance and risk posture.
Stays current on emerging cloud security threats, regulatory changes, and updates to the ISO 27001 family of standards and HIPAA.
What do you bring to the table? Experience
Minimum of 8+ years of progressive experience in Information Security GRC, with a focus on risk management, compliance, and governance.
Proven, hands‑on experience driving and maintaining ISO 27001 certification programs.
Deep practical knowledge and experience of implementing security controls ensuring compliance in a technical, cloud‑centric environment.
Strong technical competency in Cloud Security (AWS, Azure, or GCP) and related cloud‑native security services.
Education: Bachelor's degree in IT, Computer Science or related field.
Certifications (One or more highly preferred):
CISSP (Certified Information Systems Security Professional)
CISA (Certified Information Systems Auditor)
ISO 27001 Lead Implementer/Auditor
CCSK (Certificate of Cloud Security Knowledge) or equivalent Cloud‑specific security certification (e.g., AWS Certified Security, Azure Security Engineer).
Soft Skills
Proficiency in written and verbal communication skills with the ability to translate complex security and compliance requirements / controls into clear actionable
Strong project management and organizational skills to handle multiple, simultaneous audit and compliance initiatives.
A collaborative and proactive mindset, with the ability to influence and lead cross‑functional teams without direct authority.
Benefits
Flexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work‑life balance.
Health & Well‑being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness support.
Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and grow.
Recognition & Rewards - Get recognized for your contributions through structured reward programs and campaigns.
Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoyable.
Many More...
#J-18808-Ljbffr
Velsera was formed in 2023 through the shared vision of Seven Bridges and Pierian, with a mission to accelerate the discovery, development, and delivery of life-changing insights.
Velsera provides software and professional services for:
AI-powered multimodal data harmonization and analytics for drug discovery and development
IVD development, validation, and regulatory approval
Clinical NGS interpretation, reporting, and adoption
With our headquarters in Boston, MA, we are growing and expanding our teams located in different countries!
What will you do? Compliance & Governance
Develop, implement, and maintain comprehensive information security policies, standards, and procedures aligned with the ISO 27001 framework
Lead, manage, and mature the organization's Information Security Management System including risk treatment, internal audits, and readiness for external certification audits.
Serve as the subject matter expert (SME) for Security and Privacy Rules, ensuring compliance for all systems, processes, and applications handling PII and Protected Health Information (PHI).
Conduct continuous monitoring and evidence collection to demonstrate compliance with relevant frameworks.
Plan, conduct and manage internal and supplier audits
Plan GRC activities, prioritise and implement them in timbound manner.
Perform detailed security risk assessments and gap analyses on new and existing systems, with a focus on cloud infrastructure
Collaborate with Product, Technology, IT and Security teams to implement security controls into cloud / infra / environments, ensuring compliance. Provide technical guidance to them on implementing controls and best practices, specifically related to cloud security architecture and configurations.
Review risk mitigations periodically and track remediation efforts to closure.
Conduct third-party vendor risk assessments, focusing on their adherence to required compliance standards.
Develop and deliver targeted security awareness and training programs focused on HIPAA and ISO 27001 requirements for all staff, including technical teams.
Evaluate and recommend new security technologies and processes to enhance the compliance and risk posture.
Stays current on emerging cloud security threats, regulatory changes, and updates to the ISO 27001 family of standards and HIPAA.
What do you bring to the table? Experience
Minimum of 8+ years of progressive experience in Information Security GRC, with a focus on risk management, compliance, and governance.
Proven, hands‑on experience driving and maintaining ISO 27001 certification programs.
Deep practical knowledge and experience of implementing security controls ensuring compliance in a technical, cloud‑centric environment.
Strong technical competency in Cloud Security (AWS, Azure, or GCP) and related cloud‑native security services.
Education: Bachelor's degree in IT, Computer Science or related field.
Certifications (One or more highly preferred):
CISSP (Certified Information Systems Security Professional)
CISA (Certified Information Systems Auditor)
ISO 27001 Lead Implementer/Auditor
CCSK (Certificate of Cloud Security Knowledge) or equivalent Cloud‑specific security certification (e.g., AWS Certified Security, Azure Security Engineer).
Soft Skills
Proficiency in written and verbal communication skills with the ability to translate complex security and compliance requirements / controls into clear actionable
Strong project management and organizational skills to handle multiple, simultaneous audit and compliance initiatives.
A collaborative and proactive mindset, with the ability to influence and lead cross‑functional teams without direct authority.
Benefits
Flexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work‑life balance.
Health & Well‑being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness support.
Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and grow.
Recognition & Rewards - Get recognized for your contributions through structured reward programs and campaigns.
Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoyable.
Many More...
#J-18808-Ljbffr