Thursday, October 30, 2025
Noteless

Security & Compliance Lead

Posted: 15 hours ago

Job Description

Security & Compliance Lead: Build Trust for Europe's AI Healthcare Revolution

Are you ready to own and operate the security agenda at one of Europe’s fastest-growing tech companies? Noteless is hiring a hands-on Security & Compliance Lead to mature our security program. You’ll maintain and improve our certifications and privacy posture while building pragmatic, scalable processes for a growing engineering organization.

About Us

Noteless is at the forefront of healthcare innovation. Our AI transforms patient conversations into structured clinical notes, giving clinicians hours back per day for patient care. Built by healthcare professionals for healthcare professionals, our team blends practicing physicians with world-class engineers to solve real clinical needs at scale.

About the Role

You will own and evolve our established security and compliance framework, report directly to the CTO, and partner closely with Product & Engineering and legal counterparts.

Day-to-Day, You Will

  • Manage security operations: vulnerability scanning, incident response, security monitoring, and risk assessments
  • Own compliance framework: maintain ISO 27001 ISMS, MDR documentation, GDPR compliance, and prepare for AI-Act
  • Handle external interactions: customer security questionnaires, vendor assessments, audits, and due diligence
  • Partner with Engineering: embed security in development, build scalable processes, and drive security culture through training
  • Automate and optimize: streamline GRC documentation and integrate security tools with existing systems

What We’re Looking For

A pragmatic, hands-on operator who translates frameworks into action, automates the boring parts, and continuously improves.

Essential Skills & Experience

  • 3+ years in a GRC/security-compliance role (or equivalent impact)
  • Proven, practical ISO 27001 experience (implementation or maintenance)
  • Hands-on with security tooling (SIEM, vulnerability scanners, cloud security)
  • Strong understanding of GDPR and privacy
  • Excellent communication and training skills
  • Fluency in English

Nice-to-Haves

  • Technical background (software/DevOps)
  • Experience in Health Tech, AI, or other regulated environments
  • Exposure to Medical Device Regulation
  • Experience with GRC tools (e.g. Vanta/Drata)
  • Relevant certifications (e.g. CISM, CISA, CRISC)

We know great candidates don’t all follow the same path. If you can create impact in this role, we want to hear from you, even if you don’t meet every single bullet.

What Noteless Offers

  • Impact that directly improves patient care and reduces bureaucracy for thousands of clinicians
  • A dynamic team with deep expertise in medicine and AI
  • Competitive salary
  • Modern offices at Forskningsparken, Oslo
  • A clear path to grow into Head of IT Security & Compliance or CISO as we scale

Ready to build trust in healthcare?

Apply today and help us secure the future of medical documentation.

Questions? Contact Anna Viken at anna.viken@noteless.no or +47 941 43 866.

We look forward to hearing from you!
