At Harrison.ai, we’re redefining what’s possible in healthcare. Through our diagnostic AI solutions, we’re building tools that support clinicians to deliver earlier, more accurate diagnoses and raise the standard of care for millions of patients worldwide.
Our mission is bold but simple: to scale global healthcare capacity and create a fairer, healthier world. By using AI as a co-pilot for clinicians, we’re tackling one of healthcare’s biggest challenges, the shortage of human expertise, and giving every patient the chance to access timely, high-quality care, no matter where they live.
Because while we’re building cutting-edge AI, what we’re really building is hope—that everyone can access the healthcare they deserve.
And we’re just getting started.
About Your RoleAs Cybersecurity Engineer, you will be a core contributor to the cybersecurity posture of a company where the stakes are real: our products are regulated, our data is sensitive, and the people who depend on our software are patients. You will work across Cybersecurity Governance, Risk & Compliance (GRC), technical security operations, and product-adjacent security activities, which means no two weeks look the same. The ideal candidate brings a foundation in either cybersecurity engineering or GRC, genuine curiosity about the streams you haven’t lived yet, and the drive to build things properly in a lean team.
This is a broad, hands-on role sits within the Compliance RAQA squad and works closely with engineering, product, IT, privacy and legal teams across the business. The role reports directly to the Head of Compliance & RAQA and has direct access to the CEO with meaningful visibility into strategic decisions from day one.
What You'll Do:ISMS management and compliance. Manage and maintain the Information Security Management System, ensuring ongoing compliance with ISO 27001, GDPR, HIPAA, and other applicable frameworks.
Cybersecurity assessments and risk remediation. Conduct cybersecurity assessments and audits; triage and drive remediation of identified risks in collaboration with engineering teams.
Policies and documentation. Author and maintain cybersecurity policies, procedures, and controls documentation to support Cybersecurity and Governance requirements.
Technical security operations. Support cybersecurity operations and IT on technical security tooling, firewalls, networking, endpoint protection, and SIEM.
Security questionnaires and third-party vetting. Respond to bids, tenders, and third-party security vetting.
Security culture and awareness. Champion a security first culture across the organisation: create awareness programs, run training, and embed security-by-design thinking into how teams work.
Data security and governance. Support data security and data governance initiatives across the organisation.
Demonstrably AI-forward. Uses AI in their own workflows and can point to concrete automations they have built or commissioned to take work out of IT and operations.
Relevant degree in Engineering, Science, or Information Systems, or 5+ years of demonstrated experience owning security programs or workstreams in an Information Security, Network Engineering, or System Administration capacity
Demonstrated technical foundation in at least one of: SOC / security operations, networking, system administration, or software development, with the ability to provide credible security consulting to engineering teams
Experience managing or contributing substantially to an ISMS aligned with ISO 27001, including audit support and control evidence
Experience with GRC activities: risk assessments, control frameworks, policy development, and compliance monitoring
At least one security certification: CISA, CISM, CISSP, SANS, BSI, or equivalent
Strong written and verbal communication; able to translate technical risk for stakeholders at every level
Nice to have skills and characteristics:
Prior work in a regulated software environment (healthcare SaaS, medical devices, avionics, automotive, or similar) with direct exposure to product-level security obligations (IEC 81001-5-1, ISO 14971 in a cybersecurity context, or equivalent)
Experience with AI-based products or AI governance frameworks, including ISO 42001 or NIST AI RMF; familiarity with the EU AI Act's security and transparency obligations is a plus
Familiarity with ISO 13485 or ISO 9001 quality management systems, and how ISMS controls intersect with QMS obligations
Hands-on experience with enterprise security tooling at a comparable level of complexity. Harrison.ai's current stack includes CrowdStrike, CATO Networks, Mimecast, BeyondTrust, and AIM Security
Experience responding to enterprise security questionnaires and third-party vetting platforms (Drata, Vanta, OneTrust, UpGuard)
Experience in cloud security including cloud security certificate
🌍 Innovate for Global Good. Join us to pioneer world-first AI technology that transforms patient outcomes and helps build a healthier, fairer world.
🤝 Collaboration Across Continents. Work with brilliant minds from every corner of the globe in a culture built on trust, autonomy, and genuine teamwork.
🚀 Well-Funded & Global. Backed by world-class investors including Aware Super, Blackbird Ventures, Skip Capital, and Horizons Ventures, we’ve raised over US$240M to accelerate our global impact.
🌱 Scale Your Potential. Tap into yearly L&D budgets, mentoring, hackathons, and secondments—all supported by a transparent growth framework to grow your career.
💻Flex for Life. Work when and where you do your best—with WFH options, flexible hours, and the autonomy to make an impact your way.
🙌 Support for Every Family Journey. From fertility to parenthood, loss, and even grandparenthood—we provide inclusive, thoughtful policies to support families in every stage.
If you’re inspired by what we're up to, please apply now and we'll be in touch soon.
We are proud to be an Equal Opportunity Employer. Diversity’s not a buzzword here, it’s in our DNA. Diverse perspectives shape our culture and make our work better. We’re committed to building inclusive teams that represent a variety of backgrounds and skills. We look forward to hearing from you.
