Curelator
Curelator is a digital health company focused on developing
a clinical-grade disease management platform for patients and
clinicians. The company is based in Cambridge, MA, with operations in the
US as well as Barcelona, Spain, the UK and Germany.
Our product is a clinically validated, patient-centric digital
platform that combines big data and proprietary small data (n=1)
analytics to measure the impact of a wide spectrum of factors and
medications on individuals with chronic diseases who have debilitating
episodic attacks.
N1-Headache, our first application, is being used in clinical
studies with multiple institutions, which have generated several
groundbreaking findings that have advanced the clinical management of
migraine. Curelator collects patient-reported data remotely and provides
individual analysis to headache clinics.
The position
We are looking for a person to fill a hybrid role of
Security Analyst, Information Security Officer and Data Protection
Officer. We are developing a new information security program and a data
protection and privacy program, and we need a technical, hands-on
person with good management skills to help us implement and oversee the
application of these new policies, procedures and guidelines.
Security Analyst / Information Security Officer role:
- Implement and maintain a comprehensive information security
program and related policies, procedures, standards and guidelines, and
oversee their approval, dissemination, and maintenance, to ensure
adequate protection of information assets.
- Establish monitoring and assessment processes to ensure compliance and adherence to laws and regulations such as HIPAA.
- Develop and implement training programs and communications so that
systems, network, and data users are aware of and understand security
policies and procedures.
- Partner with operations, infrastructure, and applications
teams to ensure that technologies are developed and maintained according
to security policies and guidelines.
- Develop and maintain the Incident Response Plan and escalate possible incidents to the relevant teams.
- Stay well-informed of best practices in the IT security field,
coordinate and evaluate new and emerging security practices and
technologies, and recommend and promote adoption as appropriate.
- Manage the daily operation and implementation of the IT security strategies.
- Identify and assess risks in implementing new features and products.
Data Protection Officer:
- Maintain and improve the data inventory, classification and mapping.
- Conduct Data Protection Impact Assessments (PIAs).
- Monitor data management procedures and compliance within the company.
- Establish monitoring and assessment processes to ensure compliance and adherence to laws and regulations such as GDPR.
- Maintain records of processing operations.
- Respond to data subject requests.
- Review external providers' contracts to ensure compliance with data protection policies and regulations.
This is an exciting opportunity to get involved first-hand
in the implementation of the first comprehensive cybersecurity and
privacy program at Curelator.
You will work closely with our CEO, Clinical VP, Medical
Affairs Director, Product Manager, Designers and Developers. We have a
smart and autonomous team of effective and communicative people spread
between the US and Europe. We are looking for someone based in Europe, with
strong communication skills generally and especially in German and
English.
Preferred Qualifications and Experience
- Extensive knowledge of business risk, risk assessment and risk-based decision making.
- Expert knowledge of GDPR, national data protection laws and practices.
- A proven track record in developing information security policies, privacy policies and procedures, and successful execution.
- Knowledge of security, risk and control frameworks and standards such as ISO27001 and NIST.
- Knowledge of HIPAA and HITRUST desirable.
- Experience in data protection and legal compliance.
- Ability to handle confidential information.
- Ethical, with the ability to remain impartial and report all noncompliance.
- Great organizational skills with attention to detail.
- Enthusiastic and responsive, with a flexible working style.
- Proactive and pragmatic approach.
- Background in computer science, engineering, cyber risk management or a related field.
- Desirable: knowledge of data processing operations within the health sector.
- Desirable: experience in start-up roles.
Compensation
Between €45,000 and €55,000, depending on experience, plus an equity sharing plan.